LinuxQuestions.org - Autoban for Personal SSH Server

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Autoban for Personal SSH Server (https://www.linuxquestions.org/questions/linux-security-4/autoban-for-personal-ssh-server-770535/)

dudeman41465

11-20-2009 08:22 PM

Autoban for Personal SSH Server

I have SSH running on my personal home server so if I need to make a change, create an ftp username for somebody, or just troubleshoot it when my wife calls and says the printer isn't working. However I've noticed my log file is getting crammed with failed login attempts. Is there a way to have my server automatically ban a host/IP after a given number of failed logon attempts?

Edit: It's running Ubuntu Server 9.10 with the default ufw firewall.

MS3FGX

11-20-2009 08:47 PM

There are a number of ways to do this, but I have personally been using DenyHosts on my servers for awhile. As the name suggests, it adds IPs to hosts.deny when they hit certain limits on failed login attempts.

What I like the most is that it can optionally pull down an updated list of IPs that other DenyHosts installations reported as running an attack on them. So in theory you should be able to prevent many attacks before they even start.

tredegar

11-21-2009 06:10 AM

This is discussed at length (with solutions) in the sticky thread on this page.

All times are GMT -5. The time now is 11:58 PM.