In addition to fail2ban, look at deny2hosts and sshdfilter.
fire-eyes wrote:
James Colby wrote:
List members -
I am running OpenSSH on my home gentoo server. I was examining the
log files for OpenSSH and I noticed multiple login attempts from the
same IP address but with different user names. Is there a simple way
that I can block an IP address from attempting to log in after
something like 3 failed login attempts?
My Gentoo box is connected to a linksys router connected to my cable
modem, the linksys is doing port forwarding to my gentoo box. Also, I
would like to avoid limiting which IP addresses can log into my SSH
server.
Thanks for any ideas,
James
What you're seeing is a common, automated dictionary-style attack. There
are several ways to get rid of them.
The simplest way is to install fail2ban and it will create firewall rules.
The next less-simple way is to change the port sshd listens on. The
scripts assume the default of 22.
The best way is to change the port sshd listens on, and also move to key
based authentication, and disable password based authentication. In this
way, even if they got the port, got a real user name, and had the right
password, it would not matter -- they haven't got the key.
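The rule asked about in this thread (block an address after about 3 failed logins) can be sketched as a sliding-window count over sshd's "Failed password" log lines. This is an added example, not part of the original messages and not fail2ban's own code; the function name `offenders`, the parameters `max_retry` and `find_time`, the host name and all log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format OpenSSH writes;
# addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Mar  3 04:12:01 gentoo sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar  3 04:12:04 gentoo sshd[2103]: Failed password for invalid user test from 203.0.113.5 port 40130 ssh2
Mar  3 04:12:05 gentoo sshd[2104]: Accepted publickey for james from 198.51.100.7 port 51514 ssh2
Mar  3 04:12:09 gentoo sshd[2106]: Failed password for root from 203.0.113.5 port 40141 ssh2
Mar  3 04:30:00 gentoo sshd[2200]: Failed password for james from 198.51.100.7 port 51600 ssh2
Mar  3 09:30:00 gentoo sshd[2300]: Failed password for james from 198.51.100.7 port 51700 ssh2
Mar  3 14:30:00 gentoo sshd[2400]: Failed password for james from 198.51.100.7 port 51800 ssh2
"""

# The user name is attacker-controlled and may contain spaces or the word
# "from", so it is matched greedily and the address is taken from the END
# of the line, which sshd itself writes.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2024):
    """Return {ip: sorted user names tried} for every address with at
    least max_retry failed logins inside one find_time window."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    users = defaultdict(set)      # ip -> user names it has tried
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied by the caller
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, window = m["ip"], recent[m["ip"]]
        window.append(when)
        users[ip].add(m["user"])
        while when - window[0] > find_time:   # drop failures that aged out
            window.popleft()
        if len(window) >= max_retry and ip not in flagged:
            flagged[ip] = sorted(users[ip])
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

The three failures spread over a day from 198.51.100.7 never share a window, so a legitimate user who mistypes a password occasionally is not flagged.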