Re: SSH Blocking
Nick Miller wrote:

Hello All,
I maintain a couple of exim mail servers on the Internet and I have
noticed that a lot of people will try to gain access to these machines
by trying multiple SSH logins with all sorts of names. I am wondering if
there is an option in SSHD to block an IP after a certain amount of
failed login attempts as any user?
Thanks for any advice,

More trouble than it's worth. If they're not getting in, they're not
getting in. Limit those who can legitimately log in by ssh, insist that
they *must* use strong passwords, and that's the end of it. Do not ever
allow root logins. Don't have simple generic account names like 'guest'.
The well-known account names such as 'mail', 'daemon' and so on cannot
ever log in.
If you can limit IP addresses, so much the better. It's probably safe to
say there's a large part of the world from which nobody will ever
legitimately ssh in. Many of the probes come from a few blocks. Blocking
by iptables rather than tcpwrappers will save a little in resources.
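
Added example (not part of the original message): a small Python audit that checks sshd_config text against the advice in the reply above, namely no root logins, an explicit allow-list of accounts, and no generic or system account names on that list. The function names, the RISKY_NAMES set and both sample configurations are constructed for illustration; PermitRootLogin, AllowUsers (with its USER@HOST form) and AllowGroups are standard sshd_config keywords.

```python
import re

# Names the reply says should never be able to log in, plus root (assumed set; extend as needed).
RISKY_NAMES = {"guest", "mail", "daemon", "root"}
LIST_KEYS = {"allowusers", "allowgroups"}

def effective_settings(text):
    """Global sshd_config settings: keywords are case-insensitive and the first
    value for a keyword wins. Allow-lists are collected from every line so no
    listed name is missed. Parsing stops at the first Match block
    (simplification: conditional overrides are not evaluated)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(\w+)\s*[=\s]\s*(.*)", line)
        if not line or line.startswith("#") or not m:
            continue
        key, value = m.group(1).lower(), m.group(2).split()
        if key == "match":
            break
        if not value:
            continue
        if key in LIST_KEYS:
            settings.setdefault(key, []).extend(value)
        else:
            settings.setdefault(key, value)
    return settings

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    s = effective_settings(text)
    findings = []
    if s.get("permitrootlogin", ["unset"])[0].lower() != "no":
        findings.append("PermitRootLogin is not 'no'")
    users = s.get("allowusers", [])
    if not users and not s.get("allowgroups"):
        findings.append("no AllowUsers/AllowGroups: any account may attempt ssh login")
    for entry in users:
        name = entry.split("@", 1)[0].lower()  # AllowUsers accepts USER@HOST patterns
        if name in RISKY_NAMES:
            findings.append(f"AllowUsers lists generic or system account '{name}'")
    return findings

# Constructed samples: the later 'permitrootlogin no' in WEAK is ignored (first value wins).
WEAK = "Port 22\nPermitRootLogin yes\npermitrootlogin no\nAllowUsers guest alice@192.0.2.*\n"
HARDENED = "PermitRootLogin no\nAllowUsers alice@192.0.2.* bob@198.51.100.7\n"

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "OK")
```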