Re: Temporarily Disable IP
also, changing the default port for the ssh greatly (100%) alleviates
such bruteforcing and, most importantly, the side effects. i've seen
smaller machines (2xPII500) go "high" loadavg only from this...
errr.. usage. which is a problem in most cases - the tools used to brute
force seem to be quite dumb and are eating up bandwidth and cpu.
changing the port is good "first aid".

Markus Beck wrote:
> On Thu, 06 Oct 2005 04:05:04 +0530
> Ritesh Raj Sarraf <email@example.com> wrote:
> > I need to allow my clients to have ssh access. I'm not sure if they
> > are going to use strong passwords. No enforcement.
> > The attacks are being made using a dictionary, I guess.
> > For user foo they are trying 100's of combinations.
> > I was looking for something like,
> > if 5 unsuccessful ssh logins from IP x
> > Temporarily Deny IP x
>
> I think playing with LoginGraceTime is a better solution for this
> problem preventing e.g. the risk of a denial of service with spoofed
> addresses. Besides, encouraging users to use strong passwords is a must
> (I know a guy who is quite good at guessing passwords - once he guessed
> a password of a user on the 1st try by hand (not using a dictionary and
> the password wasn't the user's name)).
> Additionally, most dictionary attacks on ssh focus on
> ssh-implementations not for Linux that come up with some