- Xinming He
December 26, 2005, 10:34 pm
using various usernames every day from malicious hosts (averaging about 1000
attempts from each distinct client IP address).
Does anyone know if there is a way to restrict the number or rate of
unsuccessful login attempts per client IP address? For example, configure the
ssh server to accept only one ssh connection request per minute from the
same client IP address. Thanks very much.
Re: restrict ssh access
This is something I picked up at some newsgroup not long ago.
# This is a deterrent against SSH break-in attempts. Without it, /var/log/
# messages tends to get flooded by traces of such attempts. The last two
# rules of this script prevent new SSH connections from a given IP address
# from being accepted more often than once every 15 seconds: a new SSH
# connection from an address results in any further new connections from
# that address being summarily dropped for 15 seconds, and because the
# first rule uses --update, each dropped attempt restarts the 15 seconds,
# so a host that keeps hammering stays blocked. Note that the filter sees
# TCP connections, not login results, so successful logins count too.
# The first rule ensures that this mechanism is not applied to our
# internal network. The address list the rules maintain can be inspected
# under /proc/net/xt_recent/ (on older kernels /proc/net/ipt_recent/).
iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 \
    -m recent --update --seconds 15 -j DROP
iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 \
    -m recent --set
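The interaction between --set, --rcheck and --update in the rules above is easy to get wrong, so here is an added example (not from the post and not netfilter's own code) that models the iptables "recent" match in Python, following the documented semantics: --set records a timestamp for the source address, --rcheck tests the stored timestamps, and --update tests them and, on a match, records another one. It replays constructed traffic from a hypothetical brute-forcer (198.51.100.7) and a legitimate admin (203.0.113.5) through the posted 15-second policy and through the common "--set, then --update --seconds 60 --hitcount 4" pair, which is closer to what the original question asks for: a fixed number of new connections per minute per address. The addresses, timings and the 20-stamp ring size (the module's default ip_pkt_list_tot) are assumptions of the model.

```python
"""Model of the iptables ``recent`` match (xt_recent), used to compare two
SSH rate-limiting policies on constructed traffic.  This is an added
illustration, not kernel code; it follows the documented semantics:
--set adds a timestamp for the source address, --rcheck tests the stored
timestamps, --update tests them and records another one on a match.
Per-address history is a ring of ip_pkt_list_tot (default 20) stamps."""

from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default ring size per address (assumed)


class RecentList:
    """One named ``recent`` list: source address -> ring of hit timestamps."""

    def __init__(self):
        self.entries = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        """--set: add the address, or a new stamp for an existing entry."""
        self.entries[src].append(now)

    def check(self, src, now, seconds=0, hitcount=1, update=False):
        """--rcheck (update=False) / --update (update=True).

        Counts stamps that fall inside the last ``seconds`` seconds (all
        stamps when seconds == 0) and matches once the count reaches
        ``hitcount``.  With --update a matching packet is itself recorded,
        which is what keeps a persistent attacker blocked."""
        if src not in self.entries:
            return False
        stamps = self.entries[src]
        hits = sum(1 for t in stamps if seconds == 0 or now - t <= seconds)
        matched = hits >= hitcount
        if matched and update:
            stamps.append(now)
        return matched


def policy_posted(rl, src, now):
    """The two rules from the post, applied to one NEW SSH connection:
         -m recent --update --seconds 15 -j DROP
         -m recent --set
    i.e. drop any new connection seen within 15 s of the previous one."""
    if rl.check(src, now, seconds=15, update=True):
        return "DROP"
    rl.set(src, now)
    return "PASS"  # no verdict: packet continues down the INPUT chain


def policy_hitcount(rl, src, now, seconds=60, hitcount=4):
    """The common alternative (record first, then count):
         -m recent --set --name SSH
         -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
    which admits hitcount-1 new connections per window per address."""
    rl.set(src, now)
    if rl.check(src, now, seconds=seconds, hitcount=hitcount, update=True):
        return "DROP"
    return "PASS"


def run(policy, events):
    """Replay (time, source) connection events through a policy, with a
    fresh list per run, and return a list of (time, src, verdict)."""
    rl = RecentList()
    return [(now, src, policy(rl, src, now)) for now, src in events]


def verdicts(results, src):
    """Verdict sequence for one source address, in time order."""
    return [v for _, s, v in results if s == src]


# Constructed traffic (documentation addresses, not real hosts):
# 198.51.100.7 is a brute-forcer opening a new connection every 5 s;
# 203.0.113.5 is an admin who mistypes a password, reconnects 10 s later,
# and comes back again more than a minute afterwards.
ATTACKER, ADMIN = "198.51.100.7", "203.0.113.5"
EVENTS = [(0, ATTACKER), (2, ADMIN), (5, ATTACKER), (10, ATTACKER),
          (12, ADMIN), (15, ATTACKER), (20, ATTACKER), (25, ATTACKER),
          (30, ATTACKER), (80, ADMIN)]


if __name__ == "__main__":
    for name, policy in (("posted 15 s rule", policy_posted),
                         ("--hitcount 4 in 60 s", policy_hitcount)):
        print(name)
        for now, src, verdict in run(policy, EVENTS):
            print(f"  t={now:3d}s  {src:<14} {verdict}")
```

Running it shows the trade-off: under the posted rules the admin's reconnect at t=12 is dropped along with the attacker, while under the hitcount variant the admin is never touched and the attacker is cut off on the fourth connection inside the minute. In both policies --update re-stamps every dropped attempt, so a host that keeps retrying stays blocked for as long as it keeps retrying. Either way the filter counts TCP connections, not failed logins, so a user whose client opens several sessions in quick succession (scp, then ssh) is counted too; that is why the whitelist rule for the internal network comes first.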