OpenSSH -- a way to block recurrent login failures?
From: Victor Danilchenko (danilche_at_cs.umass.edu)
Date: Tue, 21 Sep 2004 10:02:22 -0400 (EDT)
To: email@example.com

We are looking for a way to temporarily block hosts from which
we receive a given number of sequential failed login attempts, not
necessarily within the same SSH session (so MaxAuthTries is not enough).
The best solution I could come up with so far would be to run OpenSSH
through TCPWrappers, and set up a log watcher daemon which would edit
/etc/hosts.deny on the fly based on the tracked number of failed logins
for each logged host.

Is there a better solution known for the sort of problems we
have been plagued with lately -- repeated brute-force crack attempts
from remote hosts? I looked on FreshMeat and I searched the mailing
lists, only to come up empty-handed.
Thanks in advance,
--
| Victor Danilchenko             +---------------------+
| firstname.lastname@example.org | He who laughs last, |
| CSCF | 5-4231                  | thinks slowest.     |
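
The log-watcher idea described in the message, as an added example that is not part of the original post and is not OpenSSH code: it counts consecutive failed logins per source host across sessions, resets the count on a successful login, and renders temporary `sshd:` entries for /etc/hosts.deny. The threshold, block duration, class and function names, the IPv4-only scope and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

MAX_FAILURES = 3      # assumed threshold: consecutive failures before blocking
BLOCK_SECONDS = 600   # assumed block duration
# Anchored at end of line with a greedy user field, so text inside a
# username cannot be mistaken for the source address.
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+(?: ssh2)?\s*$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+(?: ssh2)?\s*$")

class FailureTracker:
    def __init__(self):
        self.failures = {}   # host -> consecutive failed logins
        self.blocked = {}    # host -> time the block expires
    def feed(self, line, now):
        """Consume one sshd log line; return the host if it was just blocked."""
        ok, bad = ACCEPTED.search(line), FAILED.search(line)
        if ok:
            self.failures.pop(ok.group(1), None)   # success resets the streak
        if not bad or bad.group(1) in self.blocked:
            return None
        host = bad.group(1)
        try:
            ipaddress.IPv4Address(host)            # only ever write a valid address
        except ValueError:
            return None
        self.failures[host] = self.failures.get(host, 0) + 1
        if self.failures[host] < MAX_FAILURES:
            return None
        del self.failures[host]
        self.blocked[host] = now + BLOCK_SECONDS
        return host

    def hosts_deny(self, now):
        """Drop expired blocks and render the current /etc/hosts.deny lines."""
        self.blocked = {h: t for h, t in self.blocked.items() if t > now}
        return "".join(f"sshd: {h}\n" for h in sorted(self.blocked))

# Constructed sample log lines (documentation addresses, not real data).
SAMPLE = [
    "Sep 21 10:00:01 gw sshd[411]: Failed password for root from 192.0.2.7 port 4001 ssh2",
    "Sep 21 10:00:05 gw sshd[412]: Failed password for illegal user a from 192.0.2.7 port 4002 ssh2",
    "Sep 21 10:00:06 gw sshd[413]: Failed password for alice from 198.51.100.4 port 5001 ssh2",
    "Sep 21 10:00:09 gw sshd[414]: Accepted password for alice from 198.51.100.4 port 5002 ssh2",
    "Sep 21 10:00:12 gw sshd[415]: Failed password for root from 192.0.2.7 port 4003 ssh2",
]

def run_sample():
    tracker = FailureTracker()
    return [tracker.feed(line, now=1000) for line in SAMPLE], tracker
```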