Thanks for all your suggestions...
I will look into fail2ban... that might be what I need... While I could
crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this
(AFAIK) will not persist blocks when the server is powered down or rebooted.
I need to retain port 22 and can't easily do port-knocking - since some
of the clients I require to connect to my server are in restrictive
environments. I've another idea too... I'm happy to entirely cut off
all services from any IP that attempts to brute-force SSH passwords...
as it is an unequivocal act of aggression that would not arise with any
legitimate clients... Another aside is that in some restrictive
environments it is hard to securely obtain my private key without first
obtaining a secure off-site connection. For this reason, I prefer to
have the facility to log in using username/password - my compromise is
to make my password extremely complex... plus using a non-obvious
user-id, which again hampers attackers.
While interesting, I don't think the connection rate limiter is for
me... I may want to legitimately make rapid connections at some time or
other. :-)
--
gentoo-user@lists.gentoo.org mailing list
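The two things the post asks for from fail2ban, bans that survive a reboot and bans that cut the offending address off from every service rather than just sshd, are both plain configuration. The fragment below is an added example, not part of the original message or of fail2ban's shipped defaults. It assumes fail2ban 0.10 or later (earlier 0.9 releases already persist bans in the SQLite database but lack the `mode` filter parameter and the `-1` permanent bantime), iptables as the firewall, and that the `ignoreip` networks are replaced with the poster's own; `192.0.2.0/24` is a placeholder. Because password logins stay enabled, the admin's own mistyped password is indistinguishable from an attacker's attempt in the log, so the whitelist is what keeps a fat-fingered login from locking out every port on the server.

```ini
# /etc/fail2ban/fail2ban.local  (overrides fail2ban.conf)
[Definition]
# Every ban is written to this SQLite database and re-applied when the
# fail2ban service starts, which is what makes bans survive a reboot.
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
# Records older than this are deleted from the database.  Keep it at
# least as large as the longest bantime below; otherwise the record is
# purged before the ban expires and is not restored after a restart.
dbpurgeage = 31536000

# /etc/fail2ban/jail.local  (overrides jail.conf)
[DEFAULT]
# ASSUMPTION: replace 192.0.2.0/24 with the networks you administer from.
# With password logins kept, your own typos count as failures too.
ignoreip = 127.0.0.1/8 ::1 192.0.2.0/24
# Drop the address on every port, not only 22 (nftables-allports on an
# nftables-only host).  The default, iptables-multiport, bans just the
# jail's own ports.
banaction = iptables-allports
# Five failures within ten minutes earns a one-year ban (seconds).
# On fail2ban >= 0.10 a bantime of -1 makes the ban permanent instead.
findtime = 600
maxretry = 5
bantime = 31536000

[sshd]
enabled = true
# "aggressive" also matches pre-auth disconnects and invalid-user noise,
# not just "Failed password" lines (fail2ban >= 0.10).
mode = aggressive
```

After restarting the service, `fail2ban-client status sshd` lists the currently banned addresses and `fail2ban-client set sshd unbanip <address>` lifts one by hand; check both once before trusting a year-long, all-port ban in production, since with `iptables-allports` a mistaken entry blocks your own SSH session as well.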