Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
ssh auto shutdown
Hi
With the increase in ssh scans and attempted break-ins (using test, guest, admin etc. usernames), is there a way to get ssh to close down if there are a number of unsuccessful attempts at logging in?
I intend to make ssh available for only a couple of users - and I think I know how to sort that out (sshd_config).
I want it so that if someone did manage to guess a valid username, then sshd would shut down after a predefined number of failed attempts (i.e. the password is wrong).
If this was covered elsewhere, I couldn't find it.
Thanks
1. It's doubtful that someone will hang around long enough to actually guess an account. These scans test for dumb accounts and dump a rootkit or something. They check for these stupid accounts and if not found, move on. They have better success rates doing that.
2. With a good password, it could take a very long time to brute force an account even on a known login name. Meanwhile, the logs are filling up with failed attempts, and PAM can disable the account after a certain # of failed tries.
3. Use ssh PK auth with ssh-agent and/or PuTTY agent and config sshd to allow only key auth. That way, if by some miracle, a password is guessed, the connection fails since there is no corresponding key at the other end.
4. Config tcp_wrappers to allow only those users if they have static IP, or by range of their IPs if dynamic. Deny all else. That way you at least eliminate China, Russia, Canada, Texas etc.
There's more, but I think these are good without going to extremes.
This causes pam to lock the user's account after 3 failed attempts. To find failed logins using the pam_tally module, type pam_tally, and to reset, do pam_tally --user user --reset
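Added example, not part of any post in this thread: a shell function that counts the failed sshd password attempts mentioned above per source address and separates guesses against existing accounts from guesses against nonexistent ones. The log lines are constructed samples in the usual OpenSSH syslog format, and the names sample_log and failed_by_source are made up for this example.

```shell
#!/bin/sh
# Constructed sample log lines (documentation-range addresses, made-up users).
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 host sshd[1201]: Failed password for invalid user test from 203.0.113.5 port 40022 ssh2
Mar  3 10:00:03 host sshd[1203]: Failed password for invalid user guest from 203.0.113.5 port 40024 ssh2
Mar  3 10:00:05 host sshd[1205]: Failed password for invalid user admin from 203.0.113.5 port 40026 ssh2
Mar  3 10:00:07 host sshd[1207]: Failed password for invalid user root from 192.0.2.10 from 203.0.113.5 port 40030 ssh2
Mar  3 10:05:11 host sshd[1310]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:05:13 host sshd[1312]: Failed password for alice from 198.51.100.7 port 51002 ssh2
Mar  3 10:05:15 host sshd[1314]: Failed password for alice from 198.51.100.7 port 51004 ssh2
Mar  3 10:05:17 host sshd[1316]: Failed password for alice from 198.51.100.7 port 51006 ssh2
Mar  3 11:00:00 host sshd[1400]: Failed password for bob from 192.0.2.10 port 52000 ssh2
Mar  3 11:00:09 host sshd[1402]: Accepted publickey for bob from 192.0.2.10 port 52002 ssh2
EOF
}

# failed_by_source LIMIT
# Reads an auth log on stdin and prints one line per source address with at
# least LIMIT failed password attempts:
#   <address> <total failures> <failures against existing accounts>
failed_by_source() {
    awk -v limit="$1" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name is chosen by the client, so locate the address by
        # counting fields from the END of the line ("from ADDR port N ssh2")
        # instead of trusting the first "from" that appears.
        if ($(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        total[ip]++
        # Lines without "invalid user" refer to an account that exists:
        # the case the original question is worried about.
        if ($0 !~ /: Failed password for invalid user /) valid[ip]++
    }
    END {
        for (ip in total)
            if (total[ip] >= limit)
                print ip, total[ip], valid[ip] + 0
    }' | sort
}

# Stand-alone run: sources with 3 or more failures in the sample.
sample_log | failed_by_source 3
```

On a real system the input would be the distribution's sshd log file or journal instead of sample_log; a source whose third column is non-zero has been guessing passwords for an account that exists.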