Nathan Vidican wrote: > Noted recently in auth.log, a string of connection attempts > repeated/failed over and over from one host - looks like a script > someone's running, tries all kinds of various usernames, etc... attempts > like 100-200 logins, fails and goes away. > > Few hours go by, and another such attempt, from a different IP comes in. > If I'm here and just happen to notice them - simple ipfw add deny... > does the trick, but is there not a way to limit the login attempts for a > certain period of time? > > ie: after 4 failed attempts from IP _BLANK_ in less than _BLANK_ > minutes, deny all attempts and drop connection from said IP... possible? > > Any suggestions/ideas? Thus far, no one has managed to login (there are > only three accounts which even have a shell or can login via ssh... but > still not the point). I'd just like to get rid of the problem and save > my auth.log file for perhaps something more useful ;)
this a FAQ by now :-) some people recommend denyhosts, it's in the ports afaik http://denyhosts.sourceforge.net/faq.html#2_4 i don't use this myself, i prefer the AllowUsers option in sshd.config, and i'm using a ssh-jail anyway with a disabled root-passwd -- grtjs, albi gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"