| 1 |
In addition to fail2ban, look at deny2hosts and sshdfilter. |
| 2 |
|
| 3 |
fire-eyes wrote: |
| 4 |
> James Colby wrote: |
| 5 |
> |
| 6 |
>> List members - |
| 7 |
>> |
| 8 |
>> I am running OpenSSH on my home gentoo server. I was examining the |
| 9 |
>> log files for OpenSSH and I noticed multiple login attempts from the |
| 10 |
>> same IP address but with different user names. Is there a simple way |
| 11 |
>> that I can block an IP address from attempting to log in after |
| 12 |
>> something like 3 failed login attempts? |
| 13 |
>> |
| 14 |
>> My Gentoo box is connected to a linksys router connected to my cable |
| 15 |
>> modem, the linksys is doing port forwarding to my gentoo box. Also, I |
| 16 |
>> would like to avoid limiting which IP addresses can log into my SSH |
| 17 |
>> server |
| 18 |
>> |
| 19 |
>> Thanks for any ideas, |
| 20 |
>> James |
| 21 |
>> |
| 22 |
> |
| 23 |
> |
| 24 |
> What you're seeing is a common, automated dictionary style attack. There |
| 25 |
> are several ways to get rid of them. |
| 26 |
> |
| 27 |
> The simplest way is to install fail2ban and it will create firewall rules. |
| 28 |
> |
| 29 |
> The next less-simple way is to change the port sshd listens on. The |
| 30 |
> scripts assume the default of 22. |
| 31 |
> |
| 32 |
> The best way is to change the port sshd listens on, and also move to key |
| 33 |
> based authentication, and disable password based authentication. In this |
| 34 |
> way, even if they got the port, got a real user name, and had the right |
| 35 |
> password, it would not matter -- They haven't got the key. |
| 36 |
> |
| 37 |
-- |
| 38 |
gentoo-user@g.o mailing list |
Archives