Re: Package to block random SSH login attempts?
On Sat, 4 Dec 2004 14:50:24 -0700
"s. keeling" <keeling@spots.ab.ca> wrote:
> Incoming from Adam Rosi-Kessel:
> > Is there any Debian package (or free software outside of Debian)
> > that can detect random ssh login attempts and blacklist (temporarily
> > or permanently) the IP address?
>
> fwlogwatch purports to be able to do this (I haven't tried this
> feature; ymmv). However, wouldn't it make more sense to simply limit
> ssh to accept login attempts only from IPs you (or your users?) might
> be coming from?
Limiting login to certain ips tremendously decreases flexibility. Things
such as remote admin from a dynamic ip, users on the road (or even being
on the road yourself, etc). If you're strictly doing it in a work
environment where you only access the servers from your own network,
you're extremely fortunate. I rarely have that pleasure.
This is Linux, where we're supposed to be able to have a server
accessible to the world without having to worry about who can get in.
Ok, so a good password should prevent the need for worry, but I still
believe there should be an easier way than simply restricting ssh access
to certain ips.
To the OP, you might check out the following thread on the same subject
from a couple months ago. It has a good stop-gap measure (pam) along
with a couple more detailed solutions if you don't mind recompiling your
kernel. The thread can be found at:
http://lists.debian.org/debian-user/2004/09/msg03580.html
HTH,
Jacob
Reply to: