also see
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config
and grep for MaxAuthTries and especially for MaxStartups.
jim
Jett Tayer wrote:
Actually i have done this using Juan J. Martinez's ssh_blocker script
which i modified to support IPFilter. The only thing is that it uses
cron to do its job.
I'm actually running it to block brute-force attacks every 3mins and it
works fine. Nothing personal
with using cron but anybody can "tweak" the brute-force script to force
dictionary attacks
on my sshd server say for example 500 times/minute so in 3mins that
would be
1500 user/pass combinations. Compared to using connection-limit, i can
set a threshold
say 10 connections per ipaddress for 5 secs after which that ipaddress
would automatically be blocked.
