SSHD config question

Setheck · 09-16-2005, 08:49 PM

Does anyone know how if there is a certain way of configuring sshd so that after x failed login attempts from the same IP addres it will block the IP address entirely?

Thanks,
Seth

Snowbat · 09-16-2005, 09:25 PM

Netfilter/iptables. See http://blog.andrew.net.au/2005/02/17

Hangdog42 · 09-17-2005, 07:38 AM

Of course another alternative to to move to key-based authentication and eliminate usernames and passwords altogether. If you do want to stick with usernames and passwords, make sure the passowrds are strong and I would definitely use the AllowUsers directive in your sshd config file to limit which users can access via ssh.

Setheck · 09-17-2005, 07:04 PM

I am staying with username/passwords because i want to be able to log in from anywhere even if i don't have an rsa key with me. my passwords are strong but i keep getting HUGE dictionary attacks from china/korea/etc. i keep blocking the IPs but they just keep coming.

Hangdog42 · 09-18-2005, 08:44 AM

And their going to keep coming. At best, blocking IP addresses gives your log system some temporary relief. Security wise, it probably isn't doing anything to substantially improve things. However there is a project aimed at doing what you want.

Quote:

I am staying with username/passwords because i want to be able to log in from anywhere even if i don't have an rsa key with me.

This one is easy. I have a USB thumb drive with the needed software (both Windows and Linux) and keys. As long as you don't lose the USB drive, it works well.