Re: SSH Blocking

To: debian-user@lists.debian.org
Subject: Re: SSH Blocking
From: Joe <joe@jretrading.com>
Date: Mon, 25 Apr 2005 19:35:45 +0100
Message-id: <[🔎] d4jd7m$kbm$1$830fa795@news.demon.co.uk>
In-reply-to: <3Xd4r-8nX-3@gated-at.bofh.it>
References: <[🔎] 426D01F2.4000900@pressenter.com>

Nick Miller wrote:

Hello All,
I maintain a couple of exim mail servers on the Internet and I havenoticed that a lot of people will try to gain access to these machinesby trying multiple SSH logins with all sorts of names. I am wondering ifthere is an option in SSHD to block an IP after a certain amount offailed login attempts as any user?
Thanks for any advice,

More trouble than it's worth. If they're not getting in, they're notgetting in. Limit those who can legitimately login by ssh, insist thatthey *must* use strong passwords, and that's the end of it. Do not everallow root logins. Don't have simple generic account names like 'guest'.The well-known account names such as 'mail', 'daemon' and so on cannotever login.

If you can limit IP addresses, so much the better. It's probably safe tosay there's a large part of the world from which nobody will everlegitimately ssh in. Many of the probes come from a few blocks. Blockingby iptables rather than tcpwrappers will save a little in resources.

Reply to:

References:
- SSH Blocking
  - From: Nick Miller <nick@pressenter.com>

Prev by Date: Re: Anacron running very frequently
Next by Date: Re: Need Help-YMF724F Sound Card And ALSA
Previous by thread: Re: SSH Blocking
Next by thread: Re: SSH Blocking
Index(es):
- Date
- Thread