[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH Blocking

On Mon, Apr 25, 2005 at 10:03:29AM -0700, Alvin Oga wrote:


On Mon, 25 Apr 2005, Nick Miller wrote:
I maintain a couple of exim mail servers on the Internet and I have noticed that a lot of people will try to gain access to these machines by trying multiple SSH logins with all sorts of names. I am wondering if there is an option in SSHD to block an IP after a certain amount of failed login attempts as any user? 

- you should be disallowing ALL ssh connections to begin with
	and disallow remote ssh loing as root

- you should only allow ssh login from ip# that you know about


I believe this is a case where practicality trumps security. Most people
I know, including myself, use SSH as the only available administration
method for a remote server and need access to said server whether it is
from home, the local coffee shop, or an airport lobby, and who do not
always have a VPN available.

Additionally there are often end users who need remote access for
various computing tasks who also have similar problems.

A better solution is to probably have (and enforce) a good password policy,
and if the remote login attempts are really that troublesome, look into
some of the various firewall based solutions. A recent thread in DU went
over a few methods of temporarily or permanent dropping connections from
IP addresses that resulted in a large number of failed ssh attempts. I
suggest searching the archives.

--
Steve Block
http://ev-15.com/
http://www.steveblock.com/
scblock@ev-15.com
Reply to: