[colug-432] SSH
Rob Funk
rfunk at funknet.net
Thu Mar 10 10:04:52 EST 2011
On Wednesday, March 09, 2011 10:32:26 pm Richard Hornsby wrote:
> I thought there was a way to increasingly slow down multiple failed
> attempts from the same connection, but I'm not seeing it in the
> sshd_config manpage. Maybe xinetd could possibly do this? Even small
> delays can help make it not worth it.
Two useful things here...
fail2ban, which Russ mentioned, will watch your logs and temporarily block
addresses with too many failed login attempts. Just be sure to whitelist
known-good addresses.
http://www.fail2ban.org/
The iptables "recent" module is very useful to slow down access. I have it set
up to limit any host's new connections to my ssh server to twice in a minute.
http://snowman.net/projects/ipt_recent/
In my experience, limiting the frequency of new connections tends to mean that
fail2ban rarely needs to block anybody, since attackers tend to give up and
move on before fail2ban's limits get triggered.
More information about the colug-432
mailing list