Re: Temporarily Disable IP
-----BEGIN PGP SIGNED MESSAGE-----
Christian on Thursday 06 Oct 2005 01:15 wrote:
> Ritesh Raj Sarraf schrieb:
>> Hi People,
>> On my servers I'm repeatedly seeing unsuccessful ssh login attempts.
>> Is there a way to temporarily disable such IPs which fail to authenticate
> you can use sshd's AllowUsers directive, to disable specific hosts/users
> or use /etc/hosts.deny. a firewall will also do. but keep in mind, that
> ip-addresses could be spoofed and passwords could be mistyped too.
Yes, and that's my real problem.
I need to allow my clients to have ssh access. I'm not sure if they are
going to use strong passwords. No enforcement.
The attacks are being made using a dictionary, I guess.
For user foo they are trying 100's of combinations.
I was looking for something like,
if 5 unsuccessful ssh logins from IP x
Temporarily Deny IP x
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
"Necessity is the mother of invention."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
-----END PGP SIGNATURE-----