Le 5 févr. 2013 23:03, "Bartek Krajnik" <[email protected]> a écrit : > > Hi, > For ssh login attempts you can use program authfail (after 4 wrong login attempts it adds proper IP to netfilter with DROP rule sending notification to IP class owner from whois database).
It sounds a bit overkill. Am I the only one sometimes typing my password incorrectly because I forgot it? Fail2ban does pretty much the same job but only ban for a few minutes. It's just a way to slow down bruteforce. Having 20 guesses per 10 minutes makes a bruteforce useless if the passwords are decent. And it will not annoy too much your users but will annoy stupid bots. -- Jérémie Marguerie
