Re: SSH Blocking
On Mon, 25 Apr 2005, Nick Miller wrote:
> I maintain a couple of exim mail servers on the Internet and I have
> noticed that a lot of people will try to gain access to these machines
> by trying multiple SSH logins with all sorts of names. I am wondering if
> there is an option in SSHD to block an IP after a certain amount of
> failed login attempts as any user?
- you should be disallowing ALL ssh connections to begin with
and disallow remote ssh loing as root
- you should only allow ssh login from ip# that you know about
- use /etc/hosts.deny to deny everything
ALL:ALL
- use /etc/hosts.allow to allow incoming ssh from ip# you trust
sshd: 192.168.1.1 w.x.y.z
- even you, knowing your login and passwd, will not be able to
log into the system if you turn on tcpwrappers for ssh
c ya
alvin
Reply to: