Denyhosts keeps track of failures and locks IPs out.

Peter Chubb mentioned a three strikes and you're out policy.
With denyhosts you can choose this threshold; you can also choose for how long the IP is 'out' (which helps to keep the list size down).

Using keys myself, and very occasionally passwords - I have two strikes you're out, with 2 week ban time.

Dean

Rick Welykochy wrote:
Dean Hamstead wrote:

Denyhosts is a great daemon/cronscript that will manage hosts.allow for your ssh server. You can set thresholds and instant triggers etc which will result in that IP being blocked.

Also, can't one use a TCP wrapper with ssh? Either way, it does compromise
one of the beauties of working on the Internet. When I head up north
for a break, for example, and need to access the server, heaven knows
what my IP will be when away from home.

There is a "door knocking" technique that was discussed a couple of years
ago on this list to allow you to "tap tap tap" the server and ask it to
let you in temporarily. More work of course.


Also, you could turn off password auth and just use keys.

Yup. Great idea.

cheers
rickw




--
http://fragfest.com.au
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
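
The threshold-and-expiry policy described in the message above (two strikes, two-week ban), as an added example that is not part of the original post and is not DenyHosts' own code. The log lines, the documentation-range addresses, the function name and the reset-on-successful-login behaviour are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta

# Constructed sshd-style log lines (addresses from documentation ranges).
SAMPLE_LOG = """\
2024-03-01T10:00:00 sshd[411]: Failed password for root from 203.0.113.7 port 50122 ssh2
2024-03-01T10:00:05 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
2024-03-01T10:02:00 sshd[412]: Failed password for dean from 198.51.100.20 port 40110 ssh2
2024-03-01T10:02:30 sshd[412]: Accepted publickey for dean from 198.51.100.20 port 40112 ssh2
2024-03-20T09:00:00 sshd[901]: Failed password for root from 192.0.2.99 port 33000 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def process(log_text, threshold=2, ban_time=timedelta(weeks=2)):
    """Return (bans, events): bans maps ip -> expiry, events lists (ts, action, ip)."""
    failures, bans, events = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an authentication result line
        now, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        # Purge expired bans first; this is what keeps the deny list small.
        for banned in [b for b, until in bans.items() if until <= now]:
            del bans[banned]
            events.append((now, "purge", banned))
        if ip in bans:
            continue  # already locked out, nothing more to count
        if m["result"] == "Accepted":
            failures.pop(ip, None)  # assumption: a good login clears the strikes
            continue
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= threshold:
            bans[ip] = now + ban_time  # strike limit reached: lock the IP out
            failures.pop(ip)
            events.append((now, "ban", ip))
    return bans, events

if __name__ == "__main__":
    bans, events = process(SAMPLE_LOG)
    for ts, action, ip in events:
        print(ts.isoformat(), action, ip)
    print("still banned:", sorted(bans))
```

With the sample input, the legitimate user's single mistyped password never reaches the threshold, and the ban set two weeks earlier has been purged by the time the last line is read.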
