On May 6, 2008, at 10:57, Randy Ramsdell wrote:
David Kelly wrote:
I used portsentry several years ago which is a realtime portscan
blocker. It would trigger on this type of ssh portscan for sure. One
problem is that it blocks using firewall rules, hosts.deny etc...
and would have to be actively maintained. Meaning: I cleaned these
entries once a week. I am not sure it is ported to BSD either.
On Tue, May 06, 2008 at 09:31:15AM -0800, Beech Rintoul wrote:
Is there a way to configure SSHd, so that the wait time between
login attempts increases after X failed tries?
Not that I know of. You should look into denyhosts (in the ports); it
works well and even has an RBL feature to block some of these script
kiddies proactively. Unfortunately, these attempts have become a
of life. I probably get 20 - 30 attempts a day between my various
Depending on how you use ssh from external systems you could add
firewall rules to disallow all but known sources.
Another option is to change the port SSH uses to some very unusual
port. I do this on all the systems I use and change the port settings
in ssh.conf and sshd.conf. This approach works if you don't have lots
of users using SSH as it does require some sophistication to work with
it. Since I have only 3 people who can use SSH it works great for me.
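The thread's suggestions (denyhosts, firewall rules against repeat offenders, and the weekly clean-up of stale block entries that Randy mentions) can be illustrated with a small detector over sshd log lines. The following is an added example, not code from the thread or from denyhosts/portsentry: it assumes standard OpenSSH "Failed password" syslog lines, uses constructed sample log data with RFC 5737 documentation addresses, and the function names (`offenders`, `prune`, `render_tcpwrappers`, `demo`) are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH/syslog style (not taken from the thread).
SAMPLE_LOG = """\
May  6 10:01:02 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
May  6 10:01:05 host sshd[1002]: Failed password for invalid user oracle from 203.0.113.5 port 40002 ssh2
May  6 10:01:09 host sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
May  6 10:01:14 host sshd[1004]: Failed password for invalid user test from 203.0.113.5 port 40004 ssh2
May  6 10:01:20 host sshd[1005]: Failed password for invalid user guest from 203.0.113.5 port 40005 ssh2
May  6 10:02:00 host sshd[1006]: Failed password for alice from 198.51.100.7 port 50001 ssh2
May  6 10:02:10 host sshd[1007]: Accepted publickey for alice from 198.51.100.7 port 50002 ssh2
May  6 11:30:00 host sshd[1008]: Failed password for invalid user admin from 192.0.2.9 port 60001 ssh2
May  6 11:45:00 host sshd[1009]: Failed password for invalid user admin from 192.0.2.9 port 60002 ssh2
"""

# Matches the OpenSSH failed-password line; "invalid user" is optional.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_failures(log_text, year=2008):
    """Yield (timestamp, ip, user) for every failed-password line.

    syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def offenders(log_text, threshold=5, window_minutes=10):
    """Return the sorted IPs that hit `threshold` failures inside any sliding window.

    A sliding window, rather than a plain total, keeps a user who mistypes a
    password once a day from ever being blocked.
    """
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ts, ip, _ in parse_failures(log_text):
        by_ip[ip].append(ts)
    hits = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.add(ip)
                break
    return sorted(hits)


def prune(blocklist, now, ttl_days=7):
    """Drop entries older than ttl_days (the weekly clean-up, automated)."""
    cutoff = now - timedelta(days=ttl_days)
    return {ip: added for ip, added in blocklist.items() if added >= cutoff}


def render_tcpwrappers(blocklist):
    """Render active entries in tcp_wrappers hosts.allow/hosts.deny syntax."""
    return [f"sshd : {ip} : deny" for ip in sorted(blocklist)]


def demo():
    """Run the pipeline over the constructed log with a stale pre-existing entry."""
    now = datetime(2008, 5, 6, 12, 0)
    blocklist = {"192.0.2.200": datetime(2008, 4, 1, 0, 0)}  # constructed, stale
    for ip in offenders(SAMPLE_LOG):
        blocklist.setdefault(ip, now)
    return render_tcpwrappers(prune(blocklist, now))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Run it as a cron job against the real auth log, write the rendered lines to the wrappers file (or translate them into firewall table entries), and the expiry in `prune` replaces the manual weekly clean-up; tune `threshold` and `window_minutes` to the site's tolerance for legitimate mistakes.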