| 1 |
On Tue, Jan 20, 2009 at 4:33 PM, Paul Hartman |
| 2 |
<paul.hartman+gentoo@×××××.com> wrote: |
| 3 |
> Hi, |
| 4 |
> |
| 5 |
> After setting up public key authentication i changed my sshd back to |
| 6 |
> port 22 and got the expected bombardment of connection attempts. |
| 7 |
> However, it doesn't seem to ever stop them. I'm using sshd with this |
| 8 |
> setting: |
| 9 |
> |
| 10 |
> MaxAuthTries 3 |
| 11 |
> |
| 12 |
> in my /etc/ssh/sshd_config |
| 13 |
> |
| 14 |
> So, why does it allow unlimited failed login attempts? For example, as |
| 15 |
> I write this I'm seeing this in my logs: |
| 16 |
> |
| 17 |
<snip> |
| 18 |
> |
| 19 |
> I'm using denyhosts but it seems that it doesn't deny anyone until an |
| 20 |
> hour has passed, despite the fact I'm using the daemon which |
| 21 |
> constantly monitors the log file... by which time hundreds or |
| 22 |
> thousands of attempts can be made. Maybe that's a configuration issue |
| 23 |
> on my denyhosts setup, but shouldn't sshd be blocking them in the |
| 24 |
> first place? |
| 25 |
> |
| 26 |
> Thanks, |
| 27 |
> Paul |
| 28 |
|
| 29 |
I'm pretty sure MaxAuthTries 3 does nothing more than disconnect you |
| 30 |
after 3 failed connections (meaning all you have to do is reconnect to |
| 31 |
keep trying)... it doesn't do any sort of 'intelligent' protection of |
| 32 |
the system. DenyHosts worked great for me while I used it, but I also |
| 33 |
found that a firewall rule limiting connection attempts to 3 per |
| 34 |
source IP per 10 minute period put a big dent in the number of tries |
| 35 |
that denyhosts ever even had to see (though they were always enough to |
| 36 |
get that source blacklisted, I had things set rather restrictive). |
| 37 |
Something I was pointed towards on IRC, in the event that the SSH |
| 38 |
server you're running is primarily for your use or the use of |
| 39 |
knowledgeable users (fellow admins)... look up Single Packet |
| 40 |
Authorization (SPA). |
| 41 |
|
| 42 |
-- |
| 43 |
Poison [BLX] |
| 44 |
Joshua M. Murphy |
Archives