
Re: SSH Blocking



On Monday, 25.04.2005 at 09:42 -0500, Nick Miller wrote:

>  I maintain a couple of exim mail servers on the Internet and I have 
> noticed that a lot of people will try to gain access to these machines 
> by trying multiple SSH logins with all sorts of names. I am wondering if 
> there is an option in SSHD to block an IP after a certain amount of 
> failed login attempts as any user?

There are, but it may be simpler to change the port that SSH listens on.
The behaviour you're seeing is likely not actually "people", but an
automated scan of some sort.  Changing SSH port is 'really' more secure
(obscurity and all that), but it's an extra layer and, if nothing else,
stops your logs getting cluttered with all the failed logins ...

Dave.
-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

Attachment: signature.asc
Description: Digital signature
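
An added example, not part of the original thread: one way to measure the failed-login noise discussed above by counting failed SSH password attempts per source address. It assumes OpenSSH's usual "Failed password for ... from ADDR port N ssh2" log line; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format sshd writes to the auth log.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Apr 25 09:40:01 mail sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Apr 25 09:40:03 mail sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Apr 25 09:40:05 mail sshd[2105]: Failed password for root from 203.0.113.7 port 40140 ssh2
Apr 25 09:40:07 mail sshd[2107]: Failed password for invalid user guest from 203.0.113.7 port 40155 ssh2
Apr 25 09:41:10 mail sshd[2110]: Failed password for nick from 198.51.100.20 port 51000 ssh2
Apr 25 09:41:20 mail sshd[2112]: Accepted password for nick from 198.51.100.20 port 51002 ssh2
Apr 25 09:42:00 mail sshd[2120]: Failed password for invalid user from 10.0.0.1 from 192.0.2.44 port 2200 ssh2
"""

# The user name is supplied by the client, so it can itself contain the text
# " from <address>". Anchoring on the end of the line and letting the user
# group match greedily makes the parser take the address sshd recorded.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_logins(lines):
    """Yield (ip, user) for every failed password attempt in the log lines."""
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            yield m.group("ip"), m.group("user")

def offenders(lines, threshold=3):
    """Return {ip: (failures, distinct_user_names)} for IPs at or above threshold."""
    counts = Counter()
    users = {}
    for ip, user in failed_logins(lines):
        counts[ip] += 1
        users.setdefault(ip, set()).add(user)
    return {ip: (n, len(users[ip])) for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, (n, names) in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} failed logins across {names} user names")
```

Many failures spread across many different user names from one address is the pattern of an automated scan rather than a user mistyping a password.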

