Limiting login SSH attempts?

Fred puissante at lrc.puissante.com
Sun Aug 29 21:52:01 EDT 2004


On Sun, 2004-08-29 at 18:56, Bill McGonigle wrote:
> Hi, guys,
> 
> Does anybody have a good recipe for limiting ssh login attempts per IP?
> The latest openssh has a limit on a per-connection basis but I need to
> stop 3000 attempts per day coming in on discrete connections.
> The source IP isn't fixed.
> I'll be using portsentry as well but since sshd is listening it doesn't
> help this problem.  An IDS would flag it, but I want to shut down the
> IP that has more than, say 10, failures per day.  I'd like to do it
> locally, as opposed to a contrived script set launched by the IDS.
> It seems like something that ought to be straightforward and frequently
> used but I didn't have much luck searching the mailing lists or
> Google.  I'm probably missing something obvious.

You could set up a script run by a cron job to check the logs for ssh
periodically, and take action when it sees unusual activity coming from
an IP address. Or better yet, you wouldn't even need a cron if you had a
script responding to the output of tail -f.

-- 
Fred -- fred at lrc.puissante.com -- place "[hey]" in your subject.
There are inflows and outflows -- and you're just a little node.
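
An added example, not part of the original thread: a sketch of the log-checking script suggested above, counting failed sshd password attempts per source IP per day against the threshold of 10 from the question. The log line layout, the function names and the sample addresses are assumptions; the blocking action itself is left to the caller.

```python
import ipaddress
import re
from collections import Counter

# Anchored at end of line: the user name in a failed login is chosen by
# the remote side, so the source address is taken from the fixed tail
# sshd writes, never from the first "from <ip>" that appears in the line.
FAILED = re.compile(
    r"^(\w{3})\s+(\d{1,2}) [\d:]{8} \S+ sshd\[\d+\]: "
    r"Failed password for .* from (\S+) port \d+(?: ssh\d*)?\s*$"
)

def offenders(lines, limit=10, allow=()):
    """Return {(month, day, ip): count} for sources with more than `limit` failures in a day."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        month, day, raw = m.groups()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # hostname or junk: never hand unvalidated text to a firewall
        if any(ip in net for net in allowed):
            continue  # never count (and so never block) management networks
        counts[(month, int(day), str(ip))] += 1
    return {key: n for key, n in counts.items() if n > limit}

def sample_log():
    # Constructed sample lines (assumed syslog layout, documentation address ranges).
    head = "Aug 29 18:%02d:07 gw sshd[2101]: Failed password for "
    lines = [(head % i) + "invalid user test from 203.0.113.5 port 4711 ssh2" for i in range(11)]
    lines += [(head % i) + "root from 198.51.100.7 port 5022 ssh2" for i in range(3)]
    # User name crafted to look like a log tail naming a different address.
    lines.append((head % 30) + "invalid user x from 192.0.2.1 port 22 ssh2"
                 " from 203.0.113.5 port 4712 ssh2")
    lines.append("Aug 29 18:31:00 gw sshd[2102]: Accepted password for bill"
                 " from 198.51.100.7 port 5023 ssh2")
    return lines

if __name__ == "__main__":
    for (month, day, ip), n in sorted(offenders(sample_log()).items()):
        print(f"{month} {day}: {ip} had {n} failed logins")
```

Run from cron over the current auth log, the returned addresses are the ones a local firewall rule would then be applied to; the allow list keeps an administrator's own network from being locked out by mistyped passwords.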




