Re: Temporarily Disable IP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christian on Thursday 06 Oct 2005 01:15 wrote:
> Ritesh Raj Sarraf schrieb:
>> Hi People,
>>
>> On my servers I'm repeatedly seeing unsuccessful ssh login attempts.
>>
>> Is there a way to temporarily disable such IPs which fail to authenticate
>> ?
>
> you can use sshd's AllowUsers directive, to disable specific hosts/users
> or use /etc/hosts.deny. a firewall will also do. but keep in mind, that
> ip-addresses could be spoofed and passwords could be mistyped too.
>
Yes, and that's my real problem.
I need to allow my clients to have ssh access. I'm not sure if they are
going to use strong passwords. No enforcement.
The attacks are being made using a dictionary, I guess.
For user foo they are trying 100's of combinations.
I was looking for something like,
if 5 unsuccessful ssh logins from IP x
Temporarily Deny IP x
Regards,
rrs
- --
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
research."
"Necessity is the mother of invention."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDRFUl4Rhi6gTxMLwRAsVaAJ9uSzdXGweRQqau4j8k0HdjpouiegCeI9dN
TD9Z5wriMvGMl6DyojZt/20=
=w/R0
-----END PGP SIGNATURE-----
Reply to: