Disable password-based logins (use keys instead), move SSH to another
port, or install some kind of brute force monitor. The first two options
are the best, but if for some reason you need to keep it on 22 and
password-based logins, then look to a BF monitor. Just make sure you
actually need it... and do some googling, as this gets talked about a
lot (I know, because I asked the same question a few months ago! :)
On 3/31/06, Nathan Vidican <[EMAIL PROTECTED]> wrote:
> Noted recently in auth.log, a string of connection attempts repeated/failed
> and over from one host - looks like a script someone's running, tries all
> of various usernames, etc... attempts like 100-200 logins, fails and goes
> Few hours go by, and another such attempt, from a different IP comes in. If
> here and just happen to notice them - simple ipfw add deny... does the trick,
> but is there not a way to limit the login attempts for a certain period of
> ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ minutes, deny
> all attempts and drop connection from said IP... possible?
> Any suggestions/ideas? Thus far, no one has managed to login (there are only
> three accounts which even have a shell or can login via ssh... but still not
> point). I'd just like to get rid of the problem and save my auth.log file for
> perhaps something more useful ;)
> Nathan Vidican
> [EMAIL PROTECTED]
> Windsor Match Plate & Tool Ltd.
> firstname.lastname@example.org mailing list
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
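
The limit asked about in the quoted message (a set number of failed attempts from one IP inside a set number of minutes) can be checked over auth.log with a sliding window per source address. This is an added example, not part of the original thread: the log lines are constructed, and the function name `offenders`, the 5-minute default and the assumed year are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in syslog/sshd style (documentation addresses only).
SAMPLE_LOG = """\
Mar 31 10:15:01 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Mar 31 10:15:03 host sshd[4103]: Failed password for invalid user test from 192.0.2.10 port 40130 ssh2
Mar 31 10:15:04 host sshd[4104]: Failed password for root from 198.51.100.7 port 51000 ssh2
Mar 31 10:15:06 host sshd[4105]: Failed password for invalid user guest from 192.0.2.10 port 40155 ssh2
Mar 31 10:15:09 host sshd[4107]: Failed password for root from 192.0.2.10 port 40171 ssh2
Mar 31 10:16:00 host sshd[4110]: Accepted publickey for alice from 203.0.113.5 port 52000 ssh2
Mar 31 10:40:00 host sshd[4120]: Failed password for root from 198.51.100.7 port 51020 ssh2
Mar 31 11:20:00 host sshd[4130]: Failed password for root from 198.51.100.7 port 51040 ssh2
Mar 31 12:00:00 host sshd[4140]: Failed password for root from 198.51.100.7 port 51060 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def offenders(log_text, max_failures=4, window_minutes=5, year=2006):
    """Return {ip: time of the failure that reached the threshold}."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        stamp, ip = m.groups()
        # syslog lines carry no year, so the caller supplies one (assumption)
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        times = recent[ip]
        times.append(when)
        while when - times[0] > window:   # drop failures older than the window
            times.popleft()
        if len(times) >= max_failures and ip not in flagged:
            flagged[ip] = when
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the limit at {when:%b %d %H:%M:%S}")
```

The second sample address fails four times as well, but spread over hours, so it is only flagged when the window is widened; that is the slow, multi-source pattern the quoted message describes.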