The ufw frontend to iptables has an easy 'limit' command that automates much of the tedium of installing firewall rulesets by hand. This will address specific IPs doing brute-force login attempts but distributed brute-force login attempts won't be affected.
There's also a pam_faildelay(8) module that does rate-limiting of users on authentication failure.

ssh specifically is far safer when password authentication is just not allowed; ssh keys are not useful to brute-force. Set "PasswordAuthentication no" in /etc/ssh/sshd_config.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1628926

Title:
  Postpone login attempts if X successive attempts have failed

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  ** This is a feature request that regards to security. **

  Please add to the login method a mechanism that postpones successive login attempts if X attempts have failed.

  Obviously this can be further enhanced - for example:
  If X successive login attempts failed, then disable that specific login method for that specific user for Y minutes.
  If Y minutes have passed and the additional successive attempts failed again - then disable that specific login method for that specific user for 2*Y minutes.
  And so on...

  Values of X and Y should be configured by the 'root' user.

  Benefits: greatly reduces the risk of remotely brute-forcing the password.
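
The escalating lockout requested in the bug description above (X successive failures disable the login for Y minutes, then 2*Y, and so on), written out as an added example that is not part of the original message or of openssh. The class and function names, the ISO-timestamped log lines and the reset-on-success behaviour are assumptions; only password logins are modelled.

```python
import re
from datetime import datetime, timedelta

# sshd password results; the ISO 8601 timestamp prefix is an assumed log format.
LINE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from \S+")

class Lockout:
    """Per-user lock: X successive failures lock for Y, then 2*Y, 4*Y, ..."""

    def __init__(self, x, y_minutes):
        self.x, self.y = x, timedelta(minutes=y_minutes)
        self.users = {}  # user -> {"fails": int, "level": int, "until": datetime}

    def attempt(self, user, when, success):
        s = self.users.setdefault(user, {"fails": 0, "level": 0, "until": None})
        if s["until"] and when < s["until"]:
            return "rejected"  # method disabled: credentials are not even checked
        if success:
            s.update(fails=0, level=0, until=None)  # assumption: success resets
            return "accepted"
        s["fails"] += 1
        if s["fails"] < self.x:
            return "failed"
        s["until"] = when + self.y * 2 ** s["level"]  # Y, 2*Y, 4*Y, ...
        s["level"] += 1
        s["fails"] = 0
        return "locked"

def replay(lines, policy):
    """Return (time, decision) for every password line the policy would have seen."""
    decisions = []
    for line in lines:
        m = LINE.match(line)
        if m:
            ts, result, user = m.groups()
            when = datetime.fromisoformat(ts)
            decisions.append((ts[11:], policy.attempt(user, when, result == "Accepted")))
    return decisions

# Constructed sample log (documentation address 203.0.113.5), for X=3 and Y=5 minutes.
SAMPLE = [f"2016-09-29T{t} sshd[4242]: {r} password for alice from 203.0.113.5 port 50022 ssh2"
          for t, r in [("10:00:00", "Failed"), ("10:00:10", "Failed"), ("10:00:20", "Failed"),
                       ("10:01:00", "Failed"), ("10:06:00", "Failed"), ("10:06:10", "Failed"),
                       ("10:06:20", "Failed"), ("10:16:00", "Accepted"), ("10:17:00", "Accepted")]]

if __name__ == "__main__":
    for when, decision in replay(SAMPLE, Lockout(x=3, y_minutes=5)):
        print(when, decision)
```

The 10:16:00 line shows the cost of a per-user lock: a correct password is still rejected while the 2*Y window is open, so anyone who knows a username can keep that account locked.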

