Bob Proulx wrote:
Matt Peter wrote:
I'd like to be able to IP ban these connections after a set number of failed login attempts.

Of course your suggestion to put this on a non-standard port leads me to believe this is just for you and no one else though, so that might be fine in that case. Personally I would just ignore it in the logs.
The log floods get annoying after a while, so I'm using the ipt_recent module (CONFIG_IP_NF_MATCH_RECENT) to rate-limit incoming attempts to port 22 - more than three times in 60 seconds results in a 60-second ban from the source IP to that port. A nice startup script that can be used as a starting point can be found at:
<http://www.linode.com/forums/viewtopic.php?p=6935#6935>

Note, however, that your policy on the INPUT chain must be set to ACCEPT, so if you normally use DROP or REJECT, you'll need to change the policy and add a catch-all rule to drop or reject connections accordingly.
I also have switched to using public key authentication exclusively, so password guessers won't work anyway.
Russ
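The rule set Russ describes, written out as an added example (this is not code from the thread, nor the Linode startup script he links): a fourth TCP SYN to port 22 from one source inside 60 seconds is dropped, and the source stays blocked until its earlier hits age out of the window. Assumptions of mine: iptables is in PATH and the script runs as root when it applies rules; the recent-list name "ssh" and the variable names are my own choices. Unlike the script Russ mentions, the rule that records a hit also ACCEPTs explicitly, so the INPUT policy can stay DROP or REJECT without a catch-all.

```shell
#!/bin/sh
# Added example: rate-limit new SSH connections with the ipt_recent /
# xt_recent match. Not from the thread or the linked Linode script.
# Assumes iptables in PATH and root when applying; "ssh" list name and
# variable names are my own.

IPTABLES=${IPTABLES:-iptables}
SSH_PORT=${SSH_PORT:-22}
WINDOW=${WINDOW:-60}     # seconds the hit counter looks back
HITS=${HITS:-4}          # "more than three" => the 4th hit trips the block
# --rcheck: a blocked SYN does not refresh the timestamps, so the block
# ends 60 s after the last counted hit. --update would refresh them, so a
# source that keeps knocking stays blocked for as long as it keeps knocking.
RECENT_CHECK=${RECENT_CHECK:---rcheck}

# Emit the rules as iptables command lines so they can be reviewed, or
# compared with `iptables-save` output, before anything is changed.
ssh_ratelimit_rules() {
    cat <<EOF
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $SSH_PORT --syn -m recent --name ssh $RECENT_CHECK --seconds $WINDOW --hitcount $HITS -j DROP
$IPTABLES -A INPUT -p tcp --dport $SSH_PORT --syn -m recent --name ssh --set -j ACCEPT
EOF
}

# Run each generated line. eval is safe here only because every line comes
# from the heredoc above, not from user input.
apply_ssh_ratelimit() {
    ssh_ratelimit_rules | while IFS= read -r rule; do
        eval "$rule"
    done
}

# Show the addresses currently tracked in the "ssh" list. The proc path
# differs between the older ipt_recent and the newer xt_recent module.
ssh_recent_table() {
    for f in /proc/net/xt_recent/ssh /proc/net/ipt_recent/ssh; do
        if [ -r "$f" ]; then
            cat "$f"
            return 0
        fi
    done
    echo "recent list 'ssh' not present (module not loaded or rules not applied)" >&2
    return 1
}

case "${1:-}" in
    apply) apply_ssh_ratelimit ;;
    show)  ssh_recent_table ;;
    *)     ssh_ratelimit_rules ;;   # default: print the rules, change nothing
esac
```

Run it with no argument to print the rules, `apply` (as root) to install them, and `show` to list tracked sources. Two checks worth making before applying: `--hitcount` must not exceed the module's ip_pkt_list_tot parameter (20 by default), or the rule is refused; and the ESTABLISHED,RELATED rule must come first, otherwise every packet of an existing session would be counted as a hit once it reached the recent match.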