On Tue, Jan 20, 2009 at 5:47 PM, Etaoin Shrdlu <[email protected]> wrote: > On Tuesday 20 January 2009, 22:33, Paul Hartman wrote: >> Hi, >> >> After setting up public key authentication i changed my sshd back to >> port 22 and got the expected bombardment of connection attempts. >> However, it doesn't seem to ever stop them. I'm using sshd with this >> setting: >> >> MaxAuthTries 3 >> >> in my /etc/ssh/sshd_config >> >> So, why does it allow unlimited failed login attempts? For example, as >> I write this I'm seeing this in my logs: >> >> Jan 20 14:54:38 [sshd] Invalid user ejin from 72.70.42.36 >> Jan 20 14:54:39 [sshd] Invalid user core from 72.70.42.36 >> [cut] > > What MaxAuthTries does is just start logging the failed attempts when > they reach ( value / 2 ). > > MaxAuthTries > Specifies the maximum number of authentication attempts > permitted per connection. Once the number of failures > reaches half this value, additional failures are logged. > The default is 6.
Hi, I use this http://www.go2linux.org/fail2ban-secure-linux-services-from-brute-forces-attacks or this http://www.go2linux.org/denyhosts-secure-your-linux-against-dictionary-attacks you may also want to read this: http://www.go2linux.org/disable-ssh-root-direct-login > > > > -- Guillermo Garron "Linux IS user friendly... It's just selective about who its friends are." (Using Ubuntu, Debian, Gentoo) http://feeds.feedburner.com/go2linux http://www.go2linux.org
