Re: SSH Blocking
On Mon, 25 Apr 2005 16:50:07 +0200, Nick Miller <nick@pressenter.com> wrote:
>Hello All,
>
> I maintain a couple of exim mail servers on the Internet and I have
>noticed that a lot of people will try to gain access to these machines
>by trying multiple SSH logins with all sorts of names. I am wondering if
>there is an option in SSHD to block an IP after a certain amount of
>failed login attempts as any user?
>
>Thanks for any advice,
>-Nick
>
<snip>
If you want to eliminate the possibility that one of these scans and/or login
attempts will eventually succeed (unlikely if you use good passwords), then
disable root login to ssh and disable password based logins.
( /etc/ssh/sshd_config )
# Authentication:
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
The Windows ssh client PuTTY.exe will easily fit on a floppy disk (368KB) and
the private key half of a private/public key pair should consume around 2KB (for
a total of 370KB). Of course, I personally prefer to keep my stuff on a USB
thumbdrive as they seem to be much more reliable than floppies.
Anyhow, this will solve the whole problem of a remote attacker being able to get
into the box via SSH and a guessed password, yet still allow you to easily
access your own machine from anywhere.
http://www-106.ibm.com/developerworks/library/l-keyc.html has a really good
tutorial on how to get the whole thing set up.
I understand that this isn't EXACTLY what you asked for (blocking IPs), but it
will accomplish the same end result (keeping nasties out of your system).
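An added example, not part of the original message: a small audit that checks whether an sshd_config actually ends up with the settings recommended in the reply above. It relies on sshd using the first value it obtains for each keyword, and it treats everything after a Match line as conditional (a simplification); the function name and both sample configs are constructed for illustration.

```python
import re

# Directives from the reply above and the values it recommends.
REQUIRED = {"permitrootlogin": "no", "pubkeyauthentication": "yes",
            "passwordauthentication": "no"}

def audit_sshd_config(text):
    """Return findings; an empty list means every required directive is
    set explicitly, to the recommended value, in the global section."""
    effective, findings, in_match = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts both "Keyword value" and "Keyword=value".
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = fields[0].lower()          # keywords are case-insensitive
        value = fields[1].strip().strip('"').lower() if len(fields) > 1 else ""
        if keyword == "match":               # later lines are conditional
            in_match = True
        elif keyword in REQUIRED and in_match:
            if value != REQUIRED[keyword]:
                findings.append(f"line {lineno}: Match block sets {keyword} to '{value}'")
        elif keyword in REQUIRED and keyword not in effective:
            effective[keyword] = (value, lineno)   # first value obtained wins
    for keyword, want in REQUIRED.items():
        if keyword not in effective:
            findings.append(f"{keyword}: not set, so the built-in default applies")
        elif effective[keyword][0] != want:
            value, lineno = effective[keyword]
            findings.append(f"line {lineno}: {keyword} is '{value}', expected '{want}'")
    return findings

# Constructed sample inputs: the block from the reply, and a weakened variant.
HARDENED = """# Authentication:
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
"""
WEAK = """PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_sshd_config(cfg) or "OK")
```

In the weak sample the later "PasswordAuthentication no" has no effect because the earlier "yes" was read first, which is the kind of mistake a quick look at the file tends to miss.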