[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

howto block ssh brute-force


once in a while (say, every two weeks) I get a brute-force
login/password scan attempt in my server (i.e., a single ip tries
dictionary account names and passwords at random). SSH access is
needed by many users, and  (RSA/DSA key)-only access is, at present
time, unwanted. So far none such attempt was lucky (to my knowlege),
but it always gives me creeps when I see unusually big logwatch
reports, and my contacts to sysadmins of originating networks are
usually ignored.

Any ideas?

Maybe there is a way to temporarily block ips upon such attempts (is
this a FAQ?), or maybe divert them like what portsentry does for

Reply to: