[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Temporarily Disable IP



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christian on Thursday 06 Oct 2005 01:15 wrote:

> Ritesh Raj Sarraf schrieb:
>> Hi People,
>> 
>> On my servers I'm repeatedly seeing unsuccessful ssh login attempts.
>> 
>> Is there a way to temporarily disable such IPs which fail to authenticate
>> ?
> 
> you can use sshd's AllowUsers directive, to disable specific hosts/users
> or use /etc/hosts.deny. a firewall will also do. but keep in mind, that
> ip-addresses could be spoofed and passwords could be mistyped too.
> 

Yes, and that's my real problem.

I need to allow my clients to have ssh access. I'm not sure if they are
going to use strong passwords. No enforcement.

The attacks are being made using a dictionary, I guess.
For user foo they are trying 100's of combinations.

I was looking for something like,
if 5 unsuccessful ssh logins from IP x
        Temporarily Deny IP x

Regards,

rrs
- -- 
Ritesh Raj Sarraf
RESEARCHUT -- http://www.researchut.com
Gnupg Key ID: 04F130BC
"Stealing logic from one person is plagiarism, stealing from many is
research."
"Necessity is the mother of invention."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDRFUl4Rhi6gTxMLwRAsVaAJ9uSzdXGweRQqau4j8k0HdjpouiegCeI9dN
TD9Z5wriMvGMl6DyojZt/20=
=w/R0
-----END PGP SIGNATURE-----



Reply to: