In addition to fail2ban, look at deny2hosts and sshdfilter.

fire-eyes wrote:
> James Colby wrote:
>
>> List members -
>>
>> I am running OpenSSH on my home gentoo server. I was examining the
>> log files for OpenSSH and I noticed multiple login attempts from the
>> same IP address but with different user names. Is there a simple way
>> that I can block an IP address from attempting to log in after
>> something like 3 failed login attempts?
>>
>> My Gentoo box is connected to a linksys router connected to my cable
>> modem, the linksys is doing port forwarding to my gentoo box. Also, I
>> would like to avoid limiting which IP addresses can log into my SSH
>> server
>>
>> Thanks for any ideas,
>> James
>>
>
>
> What you're seeing is a common, automated dictionary style attack. There
> are several ways to get rid of them.
>
> The simplest way is to install fail2ban and it will create firewall rules.
>
> The next less-simple way is to change the port sshd listens on. The
> scripts assume the default of 22.
>
> The best way is to change the port sshd listens on, and also move to key
> based authentication, and disable password based authentication. In this
> way, even if they got the port, got a real user name, and had the right
> password, it would not matter -- They haven't got the key.
>
--
gentoo-user@g.o mailing list