| 1 |
James Colby wrote: |
| 2 |
> List members - |
| 3 |
> |
| 4 |
> I am running OpenSSH on my home gentoo server. I was examining the |
| 5 |
> log files for OpenSSH and I noticed multiple login attempts from the |
| 6 |
> same IP address but with different user names. Is there a simple way |
| 7 |
> that I can block an IP address from attempting to log in after |
| 8 |
> something like 3 failed login attempts? |
| 9 |
> |
| 10 |
> My Gentoo box is connected to a linksys router connected to my cable |
| 11 |
> modem, the linksys is doing port forwarding to my gentoo box. Also, I |
| 12 |
> would like to avoid limiting which IP addresses can log into my SSH |
| 13 |
> server |
| 14 |
> |
| 15 |
> Thanks for any ideas, |
| 16 |
> James |
| 17 |
|
| 18 |
|
| 19 |
What you're seeing is a common, automated dictionary style attack. There |
| 20 |
are several ways to get rid of them. |
| 21 |
|
| 22 |
The simplest way is to install fail2ban and it will create firewall rules. |
| 23 |
|
| 24 |
The next less-simple way is to change the port sshd listens on. The |
| 25 |
scripts assume the default of 22. |
| 26 |
|
| 27 |
The best way is to change the port sshd listens on, and also move to key |
| 28 |
based authentication, and disable password based authentication. In this |
| 29 |
way, even if they got the port, got a real user name, and had the right |
| 30 |
password, it would not matter -- They haven't got the key. |
| 31 |
-- |
| 32 |
gentoo-user@g.o mailing list |
Archives