Re: OpenSSH -- a way to block recurrent login failures?
From: Alpt (alpt_at_freaknet.org)
Date: Tue, 21 Sep 2004 22:44:41 +0200
To: Victor Danilchenko <firstname.lastname@example.org>
On Tue, Sep 21, 2004 at 10:02:22AM -0400, Victor Danilchenko after a spiritual call wrote :
~> We are looking for a way to temporarily block hosts from which
~> we receive a given number of sequential failed login attempts, not
~> necessarily within the same SSH session (so MaxAuthTries is not enough).
~> The best solution I could come up with so far would be to run OpenSSH
~> through TCPWrappers, and set up a log watcher daemon which would edit
~> /etc/hosts.deny on the fly based on the tracked number of failed logins
~> for each logged host.
~> Is there a better solution known for the sort of problems we
~> have been plagued with lately -- repeated brute-force crack attempts
~> from remote hosts? I looked on FreshMeat and I searched the mailing
~> lists, only to come up empty-handed.
Please take a look at:
With a few changes in the patch your problem will be solved.
--
:wq!
"I don't know nothing" The One Who reached the Thinking Matter '.'
[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9 5277 BFF8 037E 441C F0EE ]
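The log-watcher idea from the quoted question, as an added example that is not part of the original thread and is not the patch referred to in the reply: it counts sequential failed logins per host across separate sshd sessions and produces the /etc/hosts.deny lines for blocks that are still active. The threshold, block duration, function names, log layout and IPv4-only handling are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

THRESHOLD = 3                      # assumed: sequential failures before a block
BLOCK_FOR = timedelta(minutes=30)  # assumed: how long a block lasts
# Greedy ".*" plus the "$" anchor bind to the LAST " from <host> port <n>",
# so a user name containing " from 203.0.113.9 ..." cannot frame another host.
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) \S+ for "
    r"(?:(?:invalid|illegal) user )?.* from (\S+) port \d+ ssh\d?$")

# Constructed sample log (documentation addresses), not taken from the thread.
SAMPLE = """\
Sep 21 10:00:01 gw sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Sep 21 10:00:05 gw sshd[102]: Failed password for illegal user admin from 192.0.2.10 port 4002 ssh2
Sep 21 10:00:07 gw sshd[103]: Failed password for victor from 198.51.100.7 port 5001 ssh2
Sep 21 10:00:09 gw sshd[104]: Failed password for root from 192.0.2.10 port 4003 ssh2
Sep 21 10:00:15 gw sshd[106]: Accepted password for victor from 198.51.100.7 port 5003 ssh2
Sep 21 10:00:20 gw sshd[107]: Failed password for victor from 198.51.100.7 port 5004 ssh2
Sep 21 10:00:30 gw sshd[108]: Failed password for illegal user x from 203.0.113.9 port 1 ssh2 from 192.0.2.55 port 6001 ssh2
""".splitlines()

def parse(line, year=2004):
    """Return (time, failed?, host) for an sshd auth line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    try:
        host = str(ipaddress.IPv4Address(m.group(3)))  # IPv4 only (assumption)
    except ValueError:
        return None
    when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return when, m.group(2) == "Failed", host

def track(lines):
    """Map each host that reached THRESHOLD sequential failures to its expiry."""
    streak, blocked = {}, {}
    for when, failed, host in filter(None, map(parse, lines)):
        if not failed:
            streak.pop(host, None)      # a successful login resets the run
            continue
        streak[host] = streak.get(host, 0) + 1
        if streak[host] >= THRESHOLD:
            blocked[host] = when + BLOCK_FOR
    return blocked

def hosts_deny(blocked, now):
    """TCP Wrappers lines for blocks still active at `now`."""
    return [f"sshd: {h}" for h, until in sorted(blocked.items()) if until > now]
```

A watcher daemon would call `track` on new log lines and rewrite its own section of /etc/hosts.deny from `hosts_deny(blocked, datetime.now())`, which drops entries once their block expires.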