On Mon, 5 Mar 2007, Peter MacFarlane wrote:

> You should really have a firewall that filters out most of these going to the
> Internet. As a general rule, only open to the outside what is required for
> access. That is the best default for security. There is an application or
> option you can add to your Linux server that cuts off ssh login attempts from
> an IP after so many attempts. I don't know what it is at the moment but I saw
> it used. Works well.

There are a few. They do not all "work well" in serious deployments with, for example, LDAP authorization. For "single servers" they work okay. A popular one is http://denyhosts.sourceforge.net/

I don't like the approach much, because it is based on reading the logfiles. I prefer a solution that is based on a pam plugin, so you can act independently of logfiles, such as http://www.hexten.net/pam_abl/

Be aware that I *have* experienced pam_abl blocking legitimate logins in complex auth scenarios, so don't try this on remote servers without testing first.

Paul
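
A sketch of the log-reading approach discussed above (an added example, not part of the original message and not DenyHosts' own code): it counts sshd "Failed password" lines per source address in a sliding window, skips allowlisted addresses so known-good hosts are never blocked, and emits entries in TCP wrappers hosts.deny syntax. The syslog line layout, threshold, window, allowlist and all function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is remote-supplied text, so anchor on the fixed tail of the
# line; a greedy .* makes the last "from <ip> port" the one that is captured.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def hosts_to_block(lines, threshold=3, window=timedelta(minutes=10),
                   allow=frozenset(), year=2007):
    """Return IPs with >= threshold failures in a sliding window (year assumed)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        stamp, ip = m.groups()
        if ip in allow or ip in blocked:
            continue
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked.append(ip)
    return blocked

def hosts_deny_entries(ips):
    return [f"sshd: {ip}" for ip in ips]

# Constructed sample log (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Mar  5 10:00:01 gw sshd[411]: Failed password for root from 203.0.113.5 port 4001 ssh2
Mar  5 10:00:04 gw sshd[412]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Mar  5 10:00:09 gw sshd[413]: Failed password for invalid user x from 192.0.2.9 port 1 ssh2 from 203.0.113.5 port 4003 ssh2
Mar  5 10:01:00 gw sshd[414]: Failed password for paul from 198.51.100.7 port 5001 ssh2
Mar  5 10:30:00 gw sshd[415]: Failed password for paul from 198.51.100.7 port 5002 ssh2
Mar  5 10:59:00 gw sshd[416]: Failed password for paul from 198.51.100.7 port 5003 ssh2
Mar  5 11:00:00 gw sshd[417]: Accepted password for paul from 198.51.100.7 port 5004 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_block(SAMPLE_LOG))))
```

In the sample, the user who mistypes a password three times over an hour stays under the threshold, while the address with three failures in a few seconds is listed.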
