James Colby wrote:
> List members -
>
> I am running OpenSSH on my home Gentoo server. I was examining the
> log files for OpenSSH and I noticed multiple login attempts from the
> same IP address but with different user names. Is there a simple way
> that I can block an IP address from attempting to log in after
> something like 3 failed login attempts?
>
> My Gentoo box is connected to a Linksys router connected to my cable
> modem, the Linksys is doing port forwarding to my Gentoo box. Also, I
> would like to avoid limiting which IP addresses can log into my SSH
> server
>
> Thanks for any ideas,
> James

What you're seeing is a common, automated dictionary-style attack. There
are several ways to get rid of them.

The simplest way is to install fail2ban and it will create firewall rules.

The next less-simple way is to change the port sshd listens on. The
scripts assume the default of 22.

The best way is to change the port sshd listens on, and also move to
key-based authentication, and disable password-based authentication. In this
way, even if they got the port, got a real user name, and had the right
password, it would not matter -- They haven't got the key.
--
gentoo-user@g.o mailing list
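
Added example, not part of the original thread and not fail2ban's own code: a small Python sketch of the per-IP failure counting that a tool like fail2ban automates, run over constructed sshd log lines. The log format, host name, addresses and the threshold of 3 (taken from the question) are assumptions; the pattern anchors on the end of the line so a crafted user name containing " from <ip> port <n>" cannot redirect a ban to another address.

```python
import ipaddress
import re
from collections import defaultdict

# OpenSSH "Failed password" line. The greedy user group plus the end-of-line
# anchor make the LAST "from <ip> port <n>" win, which is the part sshd writes.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample log lines (documentation-range addresses), not real data.
SAMPLE_LOG = """\
Mar  3 04:10:01 home sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 04:10:03 home sshd[2213]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Mar  3 04:10:05 home sshd[2215]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar  3 04:10:09 home sshd[2219]: Failed password for invalid user oracle from 203.0.113.7 port 40140 ssh2
Mar  3 08:30:12 home sshd[2301]: Failed password for james from 198.51.100.20 port 51514 ssh2
Mar  3 08:30:20 home sshd[2301]: Accepted password for james from 198.51.100.20 port 51514 ssh2
"""


def offenders(log_text, max_failures=3):
    """Return {ip: sorted user names tried} for IPs with >= max_failures failures."""
    failures = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))  # reject anything that is not an address
        except ValueError:
            continue
        failures[ip] += 1
        users[ip].add(m["user"])
    return {ip: sorted(users[ip]) for ip, n in failures.items() if n >= max_failures}


if __name__ == "__main__":
    for ip, tried in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {len(tried)} user names tried ({', '.join(tried)})")
```

With the sample above, the single mistyped password from 198.51.100.20 stays under the threshold, while the address cycling through user names is reported.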