| Linode Forum https://forum.linode.com/ |
|
| Block IP after x failed ssh login attempts... https://forum.linode.com/viewtopic.php?f=19&t=1177 |
| Author: | shunchu [ Sat Sep 18, 2004 6:43 am ] |
| Post subject: | Block IP after x failed ssh login attempts... |
Hi, how do I block an IP address after x number of failed ssh login attempts? Any scripts handy I can just plug right in? It'd be great to be able to get an email upon such an incident as well... thanks.... |
|
| Author: | cederberg [ Sun Sep 19, 2004 3:21 am ] |
| Post subject: | Log monitoring and/or port knocking |
I haven't got anything handy for automatically blocking IPs, but if you want to be warned about invalid login attempts, try installing and configuring a log monitor. I'm using Tenshi on Gentoo, but there are several others as well. If you are worried about attacks on ssh, consider configuring it with certificates or creating a "double protection" solution with port knocking. With the latter, all IPs not sending the right knocking sequence are blocked. See http://www.zeroflux.org/knock/ for a simple server & client. |
|
| Author: | asura [ Sun Sep 19, 2004 4:00 pm ] |
| Post subject: | |
I disabled the ability for root to SSH in (I can still SSH in and then SU to root if needed). I also have portsentry installed, which detects any port scans and blocks the IP via iptables. |
|
| Author: | shunchu [ Mon Sep 20, 2004 1:58 pm ] |
| Post subject: | |
Thanks for the tips... I am going to force myself to live without root login and just do su then... In the meantime, I will investigate Tenshi as well... Thanks! |
|
| Author: | rjp [ Mon Sep 20, 2004 2:22 pm ] |
| Post subject: | |
You can also switch to using RSA keys instead of passwords. In the sshd_config file, you can use PermitRootLogin without-password, in conjunction with a /root/.ssh/authorized_keys file, to allow root access using the RSA key only. I've gone even further and only allow RSA for any connections, root or non-root. It's not a bad idea to check the sshd and sshd_config man pages to see the available options. |
|
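An added example, not code from any post in this thread: a sketch of the check the opening question asks for, counting failed ssh password attempts per source address and building an iptables rule for each address that reaches the limit. It assumes the usual OpenSSH "Failed password ... from ADDR port N ssh2" syslog line, counts over the whole input with no time window, and only builds the commands without running them; the function names, the threshold of 3 and the allowlist are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# The user name in a log line is untrusted input, so the pattern is anchored to
# the end of the line and captures the address that sshd itself wrote last.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
                    r"from (\S+) port \d+(?: ssh\d)?$")

# Constructed sample lines in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Sep 18 06:41:02 li1 sshd[811]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep 18 06:41:05 li1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Sep 18 06:41:09 li1 sshd[812]: Failed password for invalid user a from 192.0.2.99 port 1 ssh2 from 203.0.113.5 port 51236 ssh2
Sep 18 06:42:00 li1 sshd[820]: Failed password for shunchu from 198.51.100.7 port 40000 ssh2
Sep 18 06:43:10 li1 sshd[830]: Failed password for root from 198.51.100.200 port 40100 ssh2
Sep 18 06:43:12 li1 sshd[830]: Failed password for root from 198.51.100.200 port 40101 ssh2
Sep 18 06:43:15 li1 sshd[830]: Failed password for root from 198.51.100.200 port 40102 ssh2
"""


def count_failures(log_text):
    """Return a Counter of failed password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        try:
            if m:
                counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # not an IP literal (e.g. a hostname); skip it
    return counts


def offenders(log_text, max_failures=3, allow=()):
    """Addresses with at least max_failures failures, minus the allowlist."""
    return sorted(ip for ip, n in count_failures(log_text).items()
                  if n >= max_failures and ip not in allow)


def block_commands(ips):
    """Build (not run) one iptables rule per address, as argv lists."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp",
             "--dport", "22", "-j", "DROP"] for ip in ips]


if __name__ == "__main__":
    for cmd in block_commands(offenders(SAMPLE_LOG, allow={"198.51.100.200"})):
        print(" ".join(cmd))
```

Putting your own management addresses in the allowlist keeps a few mistyped passwords from locking you out of the host.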
| All times are UTC-04:00 |
|