ssh auto shutdown
Hi
With the increase in ssh scans and attempted break-ins (using test, guest, admin etc usernames), is there a way to get ssh to close down if there are a number of unsuccessful attempts at logging in? I intend to make ssh available for only a couple of users - and I think I know how to sort that out (sshd_config). I want it so that if someone did manage to guess a valid username, then sshd would shut down after a predefined number of failed attempts (i.e. the password is wrong). If this was covered elsewhere, I couldn't find it. Thanks
Re: ssh auto shutdown
Quote:
2. With a good password, it could take a very long time to brute force an account even on a known login name. Meanwhile, the logs are filling up with failed attempts, and PAM can disable the account after a certain # of failed tries.
3. Use ssh PK auth with ssh-agent and/or PuTTY agent and config sshd to allow only key auth. That way, if by some miracle, a password is guessed, the connection fails since there is no corresponding key at the other end.
4. Config tcp_wrappers to allow only those users if they have static IP, or by range of their IPs if dynamic. Deny all else. That way you at least eliminate China, Russia, Canada, Texas etc.
There's more, but I think these are good without going to extremes.
Thanks - that's good advice.
I have bolted ssh down to only 2 users - so am limiting the availability of legal logins. Very interested in your PAM comment. I would be keen to know how I implement the x failed attempts, then shutdown. Conversely, if it does get shut down, is there a way to re-start it at a certain period after shutdown? Is this a cron task? Thanks
I wouldn't go to the trouble of killing the ssh server, just lock the user's account.
Code:
auth required /lib/security/pam_env.so
Thanks - I will give it a go!
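As an added example (not code from any poster in this thread), the failed-attempt counting discussed above can be done from sshd's own "Failed password" log lines, producing tcp_wrappers hosts.deny entries for noisy sources and a tally for real accounts. The log lines are constructed samples, and the function names and threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format sshd writes to the auth log.
# The last line carries a username crafted to look like a "from <ip>" clause.
SAMPLE_LOG = """\
Mar  3 20:01:11 host sshd[2211]: Failed password for invalid user test from 203.0.113.5 port 40122 ssh2
Mar  3 20:01:14 host sshd[2213]: Failed password for invalid user guest from 203.0.113.5 port 40130 ssh2
Mar  3 20:01:17 host sshd[2215]: Failed password for invalid user admin from 203.0.113.5 port 40141 ssh2
Mar  3 20:02:40 host sshd[2230]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Mar  3 20:02:55 host sshd[2230]: Accepted password for alice from 198.51.100.7 port 51514 ssh2
Mar  3 20:05:02 host sshd[2301]: Failed password for alice from 203.0.113.5 port 40200 ssh2
Mar  3 20:06:30 host sshd[2310]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.5 port 40233 ssh2
"""

# The greedy user group plus the end-of-line anchor make the LAST
# "from <ip> port <n> ssh2" win, so a username containing a fake
# "from ..." clause cannot redirect the block to another address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_attempts(log_text):
    """Return (failures per source IP, failures per existing account)."""
    by_ip, by_user = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        by_ip[m["ip"]] += 1
        if not m["invalid"]:  # only accounts that exist can be locked
            by_user[m["user"]] += 1
    return by_ip, by_user

def deny_lines(by_ip, threshold):
    """hosts.deny entries for sources at or above the threshold."""
    return [f"sshd: {ip}" for ip, n in sorted(by_ip.items()) if n >= threshold]

if __name__ == "__main__":
    ips, users = failed_attempts(SAMPLE_LOG)
    print("hosts.deny candidates:", deny_lines(ips, threshold=3))
    print("failures against real accounts:", dict(users))
```
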