Hmmm... Misunderstood your question.
Not sure if this would work for you- will mention it just in case...
...I handle this one by allowing Public Key authentication only:
# Upload a public key and disable other authentication methods
# in /etc/ssh/sshd_config:
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
PasswordAuthentication no
On Mon, Feb 20, 2017, at 01:20 PM, J. Fahrner wrote:
> Am 20.02.2017 um 18:56 schrieb pjc...@fastmail.fm:
> > Apache "Mod Evasive" can be configured to block based on rate
> > (those scans are coming in at a rate of more than ten per second,
> > apparently).
>
> Hi pjc904,
> portscans have nothing to do with Apache. A portscan is, when someone
> tries to find open ports on your system, and then tries to break in
> using vulnerities of the service behind that port. Most likely they are
> searching for ssh, telnet or ftp services to break in. To detect such
> scans I closed all ports at the firewall (except those that I need) and
> log attempts to connect. After 3 failures I ban the scanning host for 1
> hour. My ssh daemon runs on a non-standard port, so it's likely that I
> detect attempts to break in through ssh.
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
