Hi All, Can you please advise what I could do to block IP addresses that have repeatedly failed to log in? I am looking here at a server which over the last week is being attacked daily with random usernames. So the only constant in these repeated attempts is not the username, but the IP address. Occasionally, the odd service name (e.g. rpc, mysql, postgres, etc.) repeats itself, otherwise they seem to be randomly selected from a dictionary.
I have already disabled PAM authentication on sshd so that only users with a public key in their ~/.ssh can login. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.