Re: How do you handle invalid ssh logins?

Jim G wrote:
With all the wanna be hackers running these ssh scripts to try to find no password accounts or default passwords, how do you handle these people? I use a program called fail2ban (Python script) that works well by blocking the ip for 15 minutes on 4 invalid ssh logins. I have also tried changing the port that ssh listens on to 10022. That works well but I found that I have issues using sftp to my other servers.

Let me know how you handle these people and if you are successful.

Jim


Hey,

I try and prevent them in the first place! I use a combination of three things, different port, iptables, and tcpd. As I normally only have a few addresses that I come from, I find this to be an ideal combination in my circumstance. I like the sound of that fail2ban on top of that. I may have to look at that!

JR.

--

Bill will have to take Linux from my cold, dead flippers.

-Tux.
.

Relevant Pages

  • Re: IP Adressen sperren
    ... daß jemand bei mir an Port 22 eine Paßwortliste ... sperre ich ihn bis zum nächsten Reboot (bzw. bis zur ... nächsten Zwangstrennung) mit: ... Fail2Ban ist da seeeeeehr nuetzlich:) ...
    (de.comp.os.unix.linux.misc)
  • Re: How do you handle invalid ssh logins?
    ... no password accounts or default passwords, ... well by blocking the ip for 15 minutes on 4 invalid ssh logins. ... Let me know how you handle these people and if you are successful. ... Regarding sftp, I've used scp -P portnumber with good success. ...
    (linux.redhat)