
Re: SSH Blocking



On Mon, Apr 25, 2005 at 09:42:58AM -0500, Nick Miller wrote:

>  machines by trying multiple SSH logins with all sorts of names. I am
>  wondering if there is an option in SSHD to block an IP after a
>  certain amount of failed login attempts as any user?

I don't think so, at least not directly, although you may want to check
the various PAM options. Your best bet is to block IPs performing
portscans. I highly recommend installing portsentry for this purpose.

You may be able to gain this functionality through the use of xinetd, if
you opt to spawn sshd out of xinetd instead of daemonizing it. I don't
know how effective that would be, and you might be opening yourself up
to a DoS risk if you make throttling too aggressive.

In a more practical vein, I'd be sure to disable root login via SSH.
Even better, disable password logins altogether and *require* public key
authentication to connect.

Basically, security is always a trade-off between usability and
protection. It's a continuum, and you can't have 100% of both.

-- 
Find my Techno-Geek Journal at http://www.codegnome.org/geeklog/
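
Added example (not from the original mail or its author): a small POSIX sh
audit that reads an sshd_config and reports whether it actually does what the
reply recommends, i.e. root login disabled, password logins disabled and public
key authentication left on. It also checks ChallengeResponseAuthentication,
because on a PAM-enabled sshd a password can still be typed through
keyboard-interactive authentication when only PasswordAuthentication is set to
no. Assumptions: OpenSSH keyword/value syntax where the first uncommented
occurrence of a keyword wins and the 2005-era defaults are PermitRootLogin yes,
PasswordAuthentication yes, ChallengeResponseAuthentication yes and
PubkeyAuthentication yes; Match blocks are not handled. The two config files
are constructed test fixtures, not real systems.

```shell
#!/bin/sh
# Added example, not part of the original mail. Audits an sshd_config for the
# settings the reply recommends. Assumes OpenSSH "Keyword value" syntax,
# case-insensitive keywords, '#' comments, first occurrence wins, no Match blocks.

# effective_value FILE KEYWORD DEFAULT
# Print the value of the first uncommented KEYWORD line, or DEFAULT if unset
# (sshd falls back to its compiled-in default when a keyword is absent).
effective_value() {
    _f=$1; _k=$2; _d=$3
    _v=$(awk -v k="$_k" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(k) { print $2; exit }
    ' "$_f")
    if [ -n "$_v" ]; then printf '%s\n' "$_v"; else printf '%s\n' "$_d"; fi
}

# check_setting FILE KEYWORD DEFAULT WANT
# Print OK/WEAK for one setting; return 0 when the effective value equals WANT.
check_setting() {
    _val=$(effective_value "$1" "$2" "$3" | tr '[:upper:]' '[:lower:]')
    if [ "$_val" = "$4" ]; then
        echo "OK:   $2 = $_val"
        return 0
    fi
    echo "WEAK: $2 = $_val (want $4)"
    return 1
}

# sshd_hardening_check FILE
# Return 0 only if every recommended setting is in place.
# Note: PermitRootLogin without-password still allows root in with a key;
# the reply recommends disabling root login outright, so "no" is required here.
sshd_hardening_check() {
    _rc=0
    check_setting "$1" PermitRootLogin yes no || _rc=1
    check_setting "$1" PasswordAuthentication yes no || _rc=1
    # With UsePAM yes, keyboard-interactive can still prompt for a password
    # unless ChallengeResponseAuthentication is also turned off.
    check_setting "$1" ChallengeResponseAuthentication yes no || _rc=1
    check_setting "$1" PubkeyAuthentication yes yes || _rc=1
    return $_rc
}

# Constructed fixtures (assumed content, not taken from any real host).
FIXTURE_DIR=$(mktemp -d)
WEAK_CFG=$FIXTURE_DIR/sshd_config.weak
HARD_CFG=$FIXTURE_DIR/sshd_config.hardened

# Weak: root login explicitly on, password auth only commented out (so the
# default of yes still applies), challenge-response left at its default.
cat > "$WEAK_CFG" <<'EOF'
Port 22
Protocol 2
PermitRootLogin yes
# PasswordAuthentication no
UsePAM yes
EOF

# Hardened: what the reply recommends, with the PAM caveat covered.
cat > "$HARD_CFG" <<'EOF'
Port 22
Protocol 2
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
UsePAM yes
EOF

echo "== weak config =="
sshd_hardening_check "$WEAK_CFG" || echo "result: NOT hardened"
echo "== hardened config =="
sshd_hardening_check "$HARD_CFG" && echo "result: hardened"
```

To audit a live host, point sshd_hardening_check at /etc/ssh/sshd_config and
remember to restart or reload sshd after changing the file; keep an existing
session open while you do it so a mistake in the new config does not lock you
out.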


