Like the several options listed above, I think the less fancy you secure your box the better....
Really, if you want to be able to log in from any number of remote clients like me, the best thing
to do is simply change your sshd port. I did that and it solved the problem rather quickly with
little disruption to myself....I don't want to have a key with me...to log in with when I travel.
An option that I considered that nobody mentioned yet is leaving port 22 closed completely
and then use port knocking to open up the port for 20 seconds or so on your IP (however long
you need to log onto the system). The port opens long enough for you to establish a connection
and then closes automatically to any new connections, but still allows established traffic through.
Clever idea and pretty simple to implement...just Google for it...I think there is a Gentoo wiki howto
on it as well.
Adios.
On 10/3/05, Christophe Garault
<[EMAIL PROTECTED]> wrote:
Jeremy Brake wrote:
>Hey all,
>
>I'm looking for an app/script which can monitor for failed ssh logins,
>and block using IPTables for $time after $number of failed logins (an
>exclusion list would be handy as well) so that I can put a quick stop to
>these niggly brute-force ssh "attacks" I seem to be getting more and
>more often.
>
>Anyone have any ideas?
>
>
Yep: emerge fail2ban (http://sourceforge.net/projects/fail2ban).
It's an excellent script written in Python that can monitor all
unsuccessful logins (ssh, apache).
There's a fail2ban.conf file where you can define many options to
protect you from a DoS.
>Thanks, Jeremy B
>
>
Have a nice day.
--
Christophe Garault
--
[email protected] mailing list
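
The check asked about in the thread ($number failed logins, block for $time, exclusion list), sketched as an added example that is not part of the original messages and is not fail2ban's code. The log lines, host name, thresholds and the function name find_bans are assumptions made for illustration; it only computes ban decisions and leaves the iptables call to the caller.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at end of line: the user name is remote-supplied text, so the address
# is taken from sshd's own "from <ip> port <n> ssh2" trailer only.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

# Constructed sample log (documentation address ranges), not taken from the thread.
SAMPLE = """\
Oct  3 10:00:01 box sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Oct  3 10:00:03 box sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Oct  3 10:00:05 box sshd[2103]: Failed password for root from 203.0.113.7 port 40003 ssh2
Oct  3 10:00:06 box sshd[2104]: Failed password for alice from 198.51.100.20 port 50000 ssh2
Oct  3 10:00:07 box sshd[2104]: Failed password for alice from 198.51.100.20 port 50000 ssh2
Oct  3 10:00:08 box sshd[2104]: Failed password for alice from 198.51.100.20 port 50000 ssh2
Oct  3 10:01:00 box sshd[2105]: Failed password for root from 192.0.2.50 port 60001 ssh2
Oct  3 10:05:00 box sshd[2106]: Failed password for root from 192.0.2.50 port 60002 ssh2
Oct  3 10:12:00 box sshd[2107]: Failed password for root from 192.0.2.50 port 60003 ssh2
"""

def find_bans(lines, max_failures=3, window=timedelta(minutes=10),
              ban_time=timedelta(minutes=30), exclude=(), year=2005):
    """Return [(ip, banned_at, expires_at)] in log order; syslog has no year, so pass one."""
    recent = defaultdict(deque)      # ip -> timestamps of failures inside the window
    banned_until = {}                # ip -> expiry of the current ban
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in exclude or banned_until.get(ip, ts) > ts:
            continue                 # excluded host, or still banned
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()           # forget failures older than the window
        if len(hits) >= max_failures:
            banned_until[ip] = ts + ban_time
            bans.append((ip, ts, ts + ban_time))
            hits.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE.splitlines(), exclude={"198.51.100.20"}):
        print(f"{start} ban {ip} until {end}")   # caller adds/removes the iptables rule
```

With the sample above, 192.0.2.50 is never banned because its three failures do not fall inside one 10-minute window, and 198.51.100.20 is skipped only when it is on the exclusion list.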
