Matt Peter wrote:
I'm receiving a few hundred failed ssh login attempts per day. I'm
not worried about it, since they appear automated and ssh is locked
down appropriately. I'd like to be able to IP ban these connections
after a set number of failed login attempts. I'd rather not put ssh
on a nonstandard port since I'd need to specify it on the cli every
time I ssh (right?).
Does anyone have any insight into how I might go about achieving this?

You could also investigate 'port knocking.' Basically what this means
is that you stop the sshd entirely and you have another process running
that waits for a specific group of connections and then it spawns the
sshd daemon and allows connection from the ip address that 'knocked.'
The knock doesn't give any kind of response other than enabling ssh for
the ip address so anyone scanning the machine will simply get dropped
connections for those ports. I am having a similar issue to yours and I
believe port knocking to be a viable solution, just haven't had the time
to implement it.
Good luck,
Craig Russell
AirDigitalNetwork.com
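
The knock-then-allow logic described in the reply above, as an added example that is not part of the original post or of any particular port-knocking daemon: a per-IP sequence tracker replayed over constructed connection events. The knock ports, the time window and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed knock ports, constructed for this example
WINDOW_SECONDS = 10.0                # assumed: the whole sequence must finish in this time
SSH_PORT = 22

@dataclass
class KnockTracker:
    sequence: tuple = KNOCK_SEQUENCE
    window: float = WINDOW_SECONDS
    progress: dict = field(default_factory=dict)  # ip -> (next index, time of first knock)
    allowed: set = field(default_factory=set)     # IPs that completed the sequence

    def observe(self, ts, src_ip, dst_port):
        """Feed one inbound connection attempt; return 'ACCEPT' or 'DROP'."""
        if dst_port == SSH_PORT:
            return "ACCEPT" if src_ip in self.allowed else "DROP"
        idx, started = self.progress.get(src_ip, (0, ts))
        if idx > 0 and ts - started > self.window:
            idx, started = 0, ts                  # too slow: start over
        if dst_port == self.sequence[idx]:
            idx += 1
            if idx == len(self.sequence):
                self.allowed.add(src_ip)          # sequence complete: open ssh for this IP
                self.progress.pop(src_ip, None)
            else:
                self.progress[src_ip] = (idx, started)
        elif dst_port == self.sequence[0]:
            self.progress[src_ip] = (1, ts)       # wrong port, but a valid fresh first knock
        else:
            self.progress.pop(src_ip, None)       # wrong port: forget partial progress
        return "DROP"                             # knock ports never answer

# Constructed events: (seconds, source IP, destination port)
SAMPLE_EVENTS = [
    (0, "198.51.100.9", 22), (1, "198.51.100.9", 7000), (2, "198.51.100.9", 7001),
    (3, "198.51.100.9", 8000), (4, "198.51.100.9", 9000), (5, "198.51.100.9", 22),
    (10, "203.0.113.5", 7000), (11, "203.0.113.5", 8000), (12, "203.0.113.5", 9000),
    (13, "203.0.113.5", 22),
    (20, "192.0.2.7", 7000), (25, "192.0.2.7", 8000), (40, "192.0.2.7", 9000),
    (41, "192.0.2.7", 22),
]

def replay(events):
    """Return {ip: verdict of that IP's last ssh attempt} for a list of events."""
    tracker, verdicts = KnockTracker(), {}
    for ts, ip, port in events:
        result = tracker.observe(ts, ip, port)
        if port == SSH_PORT:
            verdicts[ip] = result
    return verdicts

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

In the sample, the sequential port sweep and the knock that takes longer than the window both stay dropped; only the address that sends the three ports in order and in time reaches ssh.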