Premature termination of SSH connection attempts

    I have been collecting SSH server data from my logs, for the last few
months, and it turns out to be the case that the vast majority of break-in
attempts had their origin in China, Taiwan or South Korea (one can't help
but wonder what the problem is with those guys, but that's a sociological
issue irrelevant to this group.)

    Since the attempts seem to be crude dictionary attacks, the only thing
that they have achieved has been to leave their data in my logs. I was
wondering whether things could be arranged so that those logs are not even
created in the first place?

    What I would like is for the SSH server (OpenSSH, in this case) to behave
in such a way that, whenever a connection is received from a host at a
blacklisted domain, the connection is simply refused. That is, instead of
completing the SSH handshake, the server terminates the dialog at that

Re: Premature termination of SSH connection attempts

If your sshd is built with tcpwrappers (most distros do these days)
then you can put "sshd: .cn" into hosts.deny.  See the hosts_access(5)
man page.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
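
The `.cn` pattern from the reply above, as an added example that is not part of the original thread: a simplified Python model of how hosts_access(5) evaluates client patterns, showing that a leading-dot pattern is compared with the client's reverse-DNS name, so a client without a PTR record is not refused by it. Function names and sample clients are constructed for illustration; `EXCEPT`, shell-command options and the PARANOID check are left out.

```python
# Simplified model of hosts_access(5) matching (illustration, not tcp_wrappers code).
import ipaddress

def pattern_matches(pattern, hostname, address):
    """hostname: reverse-DNS name of the client, or None if the lookup failed."""
    p = pattern.lower()
    if p == "all":
        return True
    if p == "unknown":                 # wildcard for hosts whose name is unknown
        return hostname is None
    if p.startswith("."):              # ".cn": suffix match on the resolved NAME
        return hostname is not None and hostname.lower().endswith(p)
    if p.endswith("."):                # "192.0.2.": prefix match on the address
        return address.startswith(p)
    if "/" in p:                       # "net/mask", e.g. 192.0.2.0/255.255.255.0
        return ipaddress.ip_address(address) in ipaddress.ip_network(p, strict=False)
    return p in (address, (hostname or "").lower())

def rule_matches(line, daemon, hostname, address):
    # "daemon_list : client_list"; items separated by blanks and/or commas
    daemons, clients = [f.replace(",", " ").split() for f in line.split(":")[:2]]
    if not any(d.lower() in ("all", daemon) for d in daemons):
        return False
    return any(pattern_matches(c, hostname, address) for c in clients)

def access_granted(allow, deny, daemon, hostname, address):
    # hosts.allow is consulted first, then hosts.deny; no match means access
    if any(rule_matches(l, daemon, hostname, address) for l in allow):
        return True
    if any(rule_matches(l, daemon, hostname, address) for l in deny):
        return False
    return True

# Constructed sample clients: (reverse-DNS name or None, address)
CLIENTS = [("host1.example.cn", "192.0.2.10"),   # PTR record under .cn
           (None, "192.0.2.11"),                 # no PTR record at all
           ("host.example.net", "192.0.2.12")]   # PTR record under another TLD

def evaluate(deny_lines):
    return [access_granted([], deny_lines, "sshd", h, a) for h, a in CLIENTS]

if __name__ == "__main__":
    print(evaluate(["sshd: .cn"]))               # name-based rule only
    print(evaluate(["sshd: .cn", "sshd: UNKNOWN"]))
```
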
