On Tue, Jan 20, 2009 at 4:33 PM, Paul Hartman
<paul.hartman+gentoo@×××××.com> wrote:
> Hi,
>
> After setting up public key authentication I changed my sshd back to
> port 22 and got the expected bombardment of connection attempts.
> However, it doesn't seem to ever stop them. I'm using sshd with this
> setting:
>
> MaxAuthTries 3
>
> in my /etc/ssh/sshd_config
>
> So, why does it allow unlimited failed login attempts? For example, as
> I write this I'm seeing this in my logs:
>
<snip>
>
> I'm using denyhosts but it seems that it doesn't deny anyone until an
> hour has passed, despite the fact I'm using the daemon which
> constantly monitors the log file... by which time hundreds or
> thousands of attempts can be made. Maybe that's a configuration issue
> on my denyhosts setup, but shouldn't sshd be blocking them in the
> first place?
>
> Thanks,
> Paul

I'm pretty sure MaxAuthTries 3 does nothing more than disconnect you
after 3 failed connections (meaning all you have to do is reconnect to
keep trying)... it doesn't do any sort of 'intelligent' protection of
the system. DenyHosts worked great for me while I used it, but I also
found that a firewall rule limiting connection attempts to 3 per
source IP per 10 minute period put a big dent in the number of tries
that denyhosts ever even had to see (though they were always enough to
get that source blacklisted; I had things set rather restrictively).
Something I was pointed towards on IRC, in the event that the SSH
server you're running is primarily for your use or the use of
knowledgeable users (fellow admins)... look up Single Packet
Authorization (SPA).

-- 
Poison [BLX]
Joshua M. Murphy
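The firewall rule Joshua describes, written out as an added example (this is not code from the thread or from DenyHosts): iptables rules using the xt_recent match that let one source address open three new TCP connections to port 22 inside any 600-second window and drop the fourth and later ones. This is the layer MaxAuthTries cannot provide, since MaxAuthTries only caps authentication attempts within a single connection (sshd's default is 6) and then disconnects; it keeps no state across connections, so the bot just reconnects. The list name `sshbrute`, the print/apply switch and the 3-per-600-seconds numbers are my own choices to match the reply; the rules assume iptables with the conntrack and recent match modules available.

```shell
#!/bin/sh
# Added example, not from the original thread: per-source rate limit for new
# SSH connections using the xt_recent match.  Without arguments it only prints
# the iptables commands so they can be reviewed; "apply" executes them (root).
# LIST, WINDOW and HITS are assumptions chosen to give 3 connections per
# source address per 10 minutes, as in the reply above.

SSH_PORT=22
WINDOW=600      # seconds of history xt_recent keeps per source address
HITS=4          # the 4th new connection inside WINDOW is dropped, so 3 get through
LIST=sshbrute   # xt_recent list name; visible under /proc/net/xt_recent/ once loaded

# Execute the command in apply mode, otherwise print it one rule per line.
run() {
    if [ "${MODE:-print}" = apply ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Emit (or install) the three rules.  Order matters: the --set rule has no
# target, so the packet is recorded and then falls through to the --update
# check, which therefore sees the current packet counted in the hit total.
ssh_ratelimit_rules() {
    MODE="${1:-print}"

    # 1. Record every new connection to the SSH port against its source address.
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --set

    # 2. If the address now has HITS or more entries within the last WINDOW
    #    seconds, drop the packet.  --update (unlike --rcheck) also refreshes
    #    the timestamp, so an attacker who keeps hammering stays blocked until
    #    it has been quiet for a full WINDOW.
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --update --seconds "$WINDOW" --hitcount "$HITS" -j DROP

    # 3. Connections under the limit are accepted; drop this rule if your
    #    chain already accepts port 22 further down.
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
}

# Number of rules the set installs; used as a sanity check before applying.
ssh_ratelimit_rule_count() {
    ssh_ratelimit_rules print | wc -l | tr -d ' '
}

if [ "${1:-}" = apply ]; then
    ssh_ratelimit_rules apply
fi
```

Run it with no arguments to read the generated rules, then `sh ssh_ratelimit.sh apply` as root. Insert an ACCEPT for your own management address above these rules first: the counter does not distinguish you from the bots, and opening four sessions in ten minutes (a scp loop is enough) locks you out for the full window. DenyHosts still sees up to three failed attempts per window from each address, which is plenty for it to blacklist the source while the kernel absorbs the rest.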