James Colby wrote:
> List members -
>
> I am running OpenSSH on my home gentoo server. I was examining the
> log files for OpenSSH and I noticed multiple login attempts from the
> same IP address but with different user names. Is there a simple way
> that I can block an IP address from attempting to log in after
> something like 3 failed login attempts?
>
> My Gentoo box is connected to a linksys router connected to my cable
> modem, the linksys is doing port forwarding to my gentoo box. Also, I
> would like to avoid limiting which IP addresses can log into my SSH
> server
>
> Thanks for any ideas,
> James

What you're seeing is a common, automated dictionary style attack. There are several ways to get rid of them.

The simplest way is to install fail2ban and it will create firewall rules.

The next less-simple way is to change the port sshd listens on. The scripts assume the default of 22.

The best way is to change the port sshd listens on, and also move to key based authentication, and disable password based authentication. In this way, even if they got the port, got a real user name, and had the right password, it would not matter -- They haven't got the key.

--
gentoo-user@gentoo.org mailing list