Limiting login SSH attempts?
Fred
puissante at lrc.puissante.com
Sun Aug 29 21:52:01 EDT 2004
On Sun, 2004-08-29 at 18:56, Bill McGonigle wrote:
> Hi, guys,
>
> Does anybody have a good recipe for limiting ssh login attempts per IP?
> The latest openssh has a limit on a per-connection basis but I need to
> stop 3000 attempts per day coming in on discrete connections.
> The source IP isn't fixed.
> I'll be using portsentry as well but since sshd is listening it doesn't
> help this problem. An IDS would flag it, but I want to shut down the
> IP that has more than, say 10, failures per day. I'd like to do it
> locally, as opposed to a contrived script set launched by the IDS.
> It seems like something that ought to be straightforward and frequently
> used but I didn't have much luck searching the mailing lists or
> Google. I'm probably missing something obvious.
You could set up a script run by a cron job to check the logs for ssh
periodically, and take action when it sees unusual activity coming from
an IP address. Or better yet, you wouldn't even need a cron if you had a
script responding to the output of tail -f.
--
Fred -- fred at lrc.puissante.com -- place "[hey]" in your subject.
There are inflows and outflows -- and you're just a little node.
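
The log-watching script suggested in the reply above, as an added example that is not part of the original message. It assumes OpenSSH's syslog "Failed password ... from IP port N ssh2" line format; the names `watch`, `FAILED` and `SAMPLE` are hypothetical, the sample log lines are constructed, and the blocking action itself is left to whatever consumes the output.

```python
import ipaddress
import re
import sys
from collections import Counter

# Anchored at the end of the line: the user name is attacker-controlled, so a
# name like "x from 192.0.2.1 port 22 ssh2" must not be able to supply the IP.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (?P<ip>\S+) port \d+(?: ssh2)?$"
)

def watch(lines, limit=10, allow=()):
    """Yield (day, ip) once, when an address exceeds `limit` failures that day.

    `lines` is any iterable: an open log file (cron job) or the output of
    `tail -f` on stdin. Addresses in `allow` are never reported.
    """
    counts = Counter()
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:          # not a literal address: ignore the line
            continue
        if ip in allow:             # never lock out known-good sources
            continue
        key = (" ".join(m.group("day").split()), ip)
        counts[key] += 1
        if counts[key] == limit + 1:
            yield key

# Constructed sample: 11 failures from 203.0.113.9 (the last one with a user
# name crafted to look like another source address), 3 from 198.51.100.7.
SAMPLE = (
    ["Aug 29 18:%02d:01 gw sshd[4021]: Failed password for root "
     "from 203.0.113.9 port 4100 ssh2" % i for i in range(10)]
    + ["Aug 29 18:11:01 gw sshd[4021]: Failed password for invalid user "
       "x from 192.0.2.1 port 22 ssh2 from 203.0.113.9 port 4111 ssh2"]
    + ["Aug 29 19:%02d:01 gw sshd[4022]: Failed password for invalid user test "
       "from 198.51.100.7 port 5000 ssh2" % i for i in range(3)]
)

if __name__ == "__main__":
    # Reads the log from stdin and prints each address to block, one per line.
    for day, ip in watch(sys.stdin):
        print(ip, flush=True)
```

Because `watch` is a generator, the same code serves both the cron variant (feed it the log file) and the `tail -f` variant (feed it the pipe).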