Nathan Vidican wrote:
> Noted recently in auth.log, a string of connection attempts
> repeated/failed over and over from one host - looks like a script
> someone's running, tries all kinds of various usernames, etc... attempts
> like 100-200 logins, fails and goes away.
> 
> Few hours go by, and another such attempt, from a different IP comes in.
> If I'm here and just happen to notice them - simple ipfw add deny...
> does the trick, but is there not a way to limit the login attempts for a
> certain period of time?
> 
> ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_
> minutes, deny all attempts and drop connection from said IP... possible?
> 
> Any suggestions/ideas? Thus far, no one has managed to login (there are
> only three accounts which even have a shell or can login via ssh... but
> still not the point). I'd just like to get rid of the problem and save
> my auth.log file for perhaps something more useful ;)

this a FAQ by now :-)

some people recommend denyhosts, it's in the ports afaik
http://denyhosts.sourceforge.net/faq.html#2_4

i don't use this myself, i prefer the AllowUsers option in sshd.config,
and i'm using a ssh-jail anyway with a disabled root-passwd

-- 
grtjs, albi
gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to