blocking IPs that try to crack SSH, is portsentry what I want?

To: debian-user@lists.debian.org
Subject: blocking IPs that try to crack SSH, is portsentry what I want?
From: Anonymous <cripto@ecn.org>
Date: Mon, 18 Apr 2005 14:01:28 +0200 (CEST)
Message-id: <[🔎] 4e97dea4574eada7c7d30745f597a71b@ecn.org>

I get loads of this crap in my auth.log file,

Failed password for illegal user root from ...
Failed password for illegal user webmaster from ...
Failed password for illegal user data from ...

sometimes almost 100 attempts in series from the same IP. I
want to install something that will block an offensive IP
indefinitely after a few bad attempts (say 3 or 4 rather
than 1, since I occasionally make typos when logging in!).

Is portsentry the package I want in order to do this?
Is it easy to configure to do what I want?

Thanks!

Reply to:

Follow-Ups:
- Re: blocking IPs that try to crack SSH, is portsentry what I want?
  - From: Keziah W <keziahw@gmail.com>
- Re: blocking IPs that try to crack SSH, is portsentry what I want?
  - From: David Nicholls <hagakure@nildram.co.uk>
- Re: blocking IPs that try to crack SSH, is portsentry what I want?
  - From: "Dr. David Kirkby" <drkirkby@medphys.ucl.ac.uk>

Prev by Date: Re: jigdo Sarge DVD download broken?
Next by Date: acrobat 7 plugin for mozilla/firefox works, and it does not
Previous by thread: Re: mdadm can't find partitions
Next by thread: Re: blocking IPs that try to crack SSH, is portsentry what I want?
Index(es):
- Date
- Thread