> The comments to this Howto are as good as the article... The upshot:
> There are lots of ways to do it. Are you using at least one?
>
> http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
>
Another alternative to the 'recent' iptables match - I use hashlimit, that
seems to work fairly well too. Something like:

    # limits new connections to 10/minute (by IP)
    iptables --new conlimit
    # hashlimit htable timers are in milliseconds: 36000000 = 10 hours
    iptables --append conlimit -m hashlimit --hashlimit 10/min \
        --hashlimit-mode srcip --hashlimit-htable-gcinterval 36000000 \
        --hashlimit-htable-expire 36000000 --hashlimit-name conhash \
        -m state --state NEW -j ACCEPT
    # packets of connections already accepted are never counted
    iptables --append conlimit -m state --state ESTABLISHED -j ACCEPT
    # anything over the limit falls through to here
    iptables --append conlimit -j REJECT

    # connection limit ssh externally
    iptables --append INPUT --proto TCP --dport ssh -j conlimit

-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
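The hashlimit rule above is a per-source token bucket, and the post does not say how many attempts actually get through before the REJECT fires. The following simulation is an added example, not code from the mailing-list post or from netfilter: it models the credit bucket xt_hashlimit keeps per source IP (starts full, refills at the configured rate, capped at the burst size) and replays a constructed stream of NEW SSH connections through it. The host names, IPs and timestamps are made up for the example, and it assumes --hashlimit-burst is left at its default of 5 and that the 10-hour expire/gc timers never evict an entry inside the short window simulated.

```python
"""Token-bucket model of the iptables hashlimit match (added illustration).

Mirrors how xt_hashlimit decides whether a packet is "within the limit" for
`--hashlimit 10/min --hashlimit-mode srcip`: each source IP gets its own
credit bucket that starts full, refills at the configured rate and is capped
at --hashlimit-burst tokens. A NEW connection matches (ACCEPT) only if a whole
token is available; otherwise it falls through to the chain's final REJECT.

Assumptions not stated in the post: --hashlimit-burst defaults to 5, and the
36000000 ms (10 h) expire/gc timers never evict a bucket during this window.
"""
from fractions import Fraction

# Constructed sample traffic: one host opens a NEW connection to port 22
# every second for 20 s, while an admin connects once at t=10.
ATTACKER = "10.0.0.5"
ADMIN = "192.0.2.10"
SAMPLE_EVENTS = [(t, ATTACKER) for t in range(20)] + [(10, ADMIN)]

_UNITS = {"sec": 1, "second": 1, "min": 60, "minute": 60,
          "hour": 3600, "day": 86400}


def parse_rate(spec):
    """Turn an iptables rate such as '10/min' into tokens per second (exact)."""
    amount, _, unit = spec.partition("/")
    return Fraction(int(amount), _UNITS[unit or "sec"])


class HashlimitBucket:
    """Per-key credit bucket, i.e. one xt_hashlimit hash-table entry."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.burst = burst
        self.credit = Fraction(burst)  # a fresh entry starts with a full burst
        self.last = None

    def allow(self, now):
        # Refill for the elapsed time, never beyond the burst ceiling.
        if self.last is not None:
            self.credit = min(Fraction(self.burst),
                              self.credit + (now - self.last) * self.rate)
        self.last = now
        # Spend one whole token per NEW connection if one is available.
        if self.credit >= 1:
            self.credit -= 1
            return True
        return False


def simulate(events, rate="10/min", burst=5):
    """Replay (timestamp_seconds, src_ip) NEW-connection events through the
    conlimit chain and return (timestamp, src_ip, verdict) tuples."""
    per_sec = parse_rate(rate)
    buckets = {}
    verdicts = []
    for ts, ip in sorted(events, key=lambda e: e[0]):
        bucket = buckets.setdefault(ip, HashlimitBucket(per_sec, burst))
        verdicts.append((ts, ip, "ACCEPT" if bucket.allow(ts) else "REJECT"))
    return verdicts


def summarize(verdicts):
    """Count (accepted, rejected) per source IP."""
    counts = {}
    for _, ip, verdict in verdicts:
        ok, bad = counts.get(ip, (0, 0))
        counts[ip] = (ok + 1, bad) if verdict == "ACCEPT" else (ok, bad + 1)
    return counts


if __name__ == "__main__":
    for ts, ip, verdict in simulate(SAMPLE_EVENTS):
        print(f"t={ts:2d}s {ip:12s} {verdict}")
    print(summarize(simulate(SAMPLE_EVENTS)))
    # With --hashlimit-burst 1 the first five guesses no longer get a free pass.
    print(summarize(simulate(SAMPLE_EVENTS, burst=1)))
```

With the post's parameters the attacking host gets its first five connections through instantly (the default burst) and then one every six seconds, while the admin's single connection from a different address is unaffected because srcip mode keys the bucket per source. Passing `--hashlimit-burst 1` in the real rule (burst=1 in the simulation) removes that free initial burst, which is usually what you want for password guessing; ESTABLISHED packets never reach the hashlimit rule, so an accepted session is not throttled afterwards.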
