Re: throttle ssh logins (OpenSSH sshd)
- From: Randy Yates <yates@xxxxxxxx>
- Date: Sun, 20 Jan 2008 22:11:06 -0500
Unruh <unruh-spam@xxxxxxxxxxxxxx> writes:
Ivar Rosquist <IRosquist@xxxxxxx> writes:
On Fri, 18 Jan 2008 22:42:38 +0000, phil-news-nospam wrote:
On 07 Jan 2008 18:23:10 GMT Alan Strassberg <paleale@xxxxxxxxx> wrote:
| I'm tired of the script kiddies trying ssh logins.
| Is there a way to throttle (say max 3 connections per minute)
| using OpenSSH (4.5p1). I don't see anything in sshd_config for this.
| Or do I need to use tcp wrappers?
A more extreme option is to abandon the well-known port and use a
different port number. I did that, and they have not been bothering the
new port at all. It's not "security by obscurity" because it's not
considered to be a security solution. It is just an attempt to keep my
logs from being so cluttered.
More and more ISPs are doing network management. What this means
is that they will give low priority to (or even block) packets addressed
to non-standard ports - especially when the data in such packets is
encrypted. Which implies that you might be leaving legitimate users out
there in the cold.
Well, you can always use port 80 if your system is not a http host. That is
unlikely to be blocked at least on the outgoing end. Incoming it may be of
course if your ISP does not want you being an http host.
Anyway, I check my logs every 5 min and if I find too many ssh denied from
one IP, I stick them into /etc/hosts with deny.
Eg
sshd: 144.122.0.0/255.255.0.0 217.37.72.233 148.204.196.135 154.20.101.195
157.100.1.23 80.154.33.125 124.115.21.97 81.181.15.1 132.210.39.216
69.73.191.10 140.109.57.18 202.171.152.211 201.67.43.34 200.226.124.15
62.112.194.135 65.111.165.156 60.13.184.4 203.171.236.7 88.37.235.178
200.171.73.215 192.168.0.10 150.185.138.10 208.29.134.206 218.22.16.86
211.238.49.81 195.214.44.139 209.172.32.29 125.70.253.32
123.143.200.110 58.241.84.43 58.242.7.38 125.138.96.19 190.84.252.94
222.122.46.79 218.38.14.204 217.133.10.134 87.194.24.94 84.19.182.51
211.220.209.6 202.70.203.46 140.112.20.131 66.219.107.146 218.70.229.80
61.172.240.104 208.97.99.2 85.14.94.130 221.239.21.2 59.162.66.167
219.145.142.30 85.10.136.111 165.132.124.192 147.32.30.44
195.150.77.247 202.143.132.180 124.30.199.197 59.106.25.63
61.180.85.226 130.88.212.116 218.205.11.58 219.119.139.124
203.200.202.71 202.62.85.179 150.188.15.26 200.167.180.130
200.47.159.121 201.234.32.130 69.67.249.68 65.173.88.239 :deny
(all one line). If there is a danger your users might have trouble you can put an
sshd: <addresses> : allow
before that line to make sure that your users are not blocked from known machines.
Then put
sshd: ALL
after that deny line. It is the first line that matches that is used.
Or.... you could just download and run DenyHosts:
http://denyhosts.sourceforge.net
assuming that using a non-standard port is not an option. If a
non-standard port is an option, I can attest that it is a very safe way
to go - I have not seen even one attempt on the port I've assigned, and
I'm able to connect to and from my machine from outside my ISP.
--
% Randy Yates % "How's life on earth?
%% Fuquay-Varina, NC % ... What is it worth?"
%%% 919-577-9882 % 'Mission (A World Record)',
%%%% <yates@xxxxxxxx> % *A New World Record*, ELO
http://www.digitalsignallabs.com
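The "check the logs, then add offenders to a deny line" routine Unruh describes, and the allow-before-deny ordering, as an added example; this is not code from any of the posters, and it assumes the usual syslog form of OpenSSH's "Failed password for ... from <address>" lines, the hosts_options(5) `: allow` / `: deny` syntax (available when tcpd is built with PROCESS_OPTIONS, the default on Linux), and an sshd linked against libwrap. The log lines, addresses and threshold are constructed for the example:

```shell
#!/bin/sh
# Added example, not code from the thread.  Counts OpenSSH "Failed password"
# lines per source address and prints a tcp_wrappers entry in the
# "sshd: <addresses> : deny" form used in the thread, preceded by the
# "sshd: <addresses> : allow" line for known machines so that the first
# matching line protects them.  Everything below is constructed sample data.

# Constructed syslog-style sshd lines using documentation-range addresses.
SAMPLE_LOG='Jan 20 22:01:03 host sshd[4711]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Jan 20 22:01:05 host sshd[4712]: Failed password for invalid user admin from 198.51.100.7 port 51240 ssh2
Jan 20 22:01:06 host sshd[4713]: Failed password for root from 198.51.100.7 port 51241 ssh2
Jan 20 22:01:09 host sshd[4714]: Failed password for invalid user oracle from 198.51.100.7 port 51250 ssh2
Jan 20 22:02:10 host sshd[4720]: Failed password for yates from 203.0.113.5 port 40001 ssh2
Jan 20 22:02:30 host sshd[4721]: Accepted publickey for yates from 203.0.113.5 port 40002 ssh2
Jan 20 22:03:00 host sshd[4730]: Failed password for invalid user test from 192.0.2.44 port 3022 ssh2
Jan 20 22:03:01 host sshd[4731]: Failed password for invalid user test from 192.0.2.44 port 3023 ssh2
Jan 20 22:03:02 host sshd[4732]: Failed password for invalid user test from 192.0.2.44 port 3024 ssh2'

# Machines that must never be denied (constructed; your own hosts go here).
ALLOW_LIST='203.0.113.5 192.0.2.44'

# scan_log LOG THRESHOLD
# Prints, one per line and sorted, every source address with at least
# THRESHOLD "Failed password" lines.  Only sshd lines are considered, and
# the address is the field after "from", so a username that happens to
# contain digits or dots is never mistaken for an address.
scan_log() {
    printf '%s\n' "$1" | awk -v t="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i < NF; i++) if ($i == "from") n[$(i + 1)]++
        }
        END { for (ip in n) if (n[ip] >= t) print ip }
    ' | sort
}

# in_list WORD "LIST"  -> true when WORD is one of the words in LIST
in_list() {
    for w in $2; do
        [ "$w" = "$1" ] && return 0
    done
    return 1
}

# deny_line LOG THRESHOLD "ALLOW_LIST"
# Prints one hosts.deny entry for the offenders not on the allow list,
# or nothing when there is nobody to deny.
deny_line() {
    ips=''
    for ip in $(scan_log "$1" "$2"); do
        in_list "$ip" "$3" && continue
        ips="${ips}${ips:+ }${ip}"
    done
    if [ -n "$ips" ]; then
        printf 'sshd: %s : deny\n' "$ips"
    fi
}

# hosts_deny_block LOG THRESHOLD "ALLOW_LIST"
# The complete fragment in the order the thread recommends: the allow line
# first, then the deny line, because the first matching line is the one used.
hosts_deny_block() {
    if [ -n "$3" ]; then
        printf 'sshd: %s : allow\n' "$3"
    fi
    deny_line "$1" "$2" "$3"
}

# Stand-alone run: the fragment a 5-minute cron job would write out.
hosts_deny_block "$SAMPLE_LOG" 3 "$ALLOW_LIST"
```

With the sample above, 198.51.100.7 (four failures) is denied, 192.0.2.44 reaches the threshold but is spared by the allow list, and 203.0.113.5 never qualifies. Two checks before relying on this: tcp_wrappers consults /etc/hosts.allow before /etc/hosts.deny and stops at the first matching line in either file, so an `allow` entry for your own machines must come first; and the portable OpenSSH release dropped libwrap support in 6.7, so on a newer build confirm `ldd "$(command -v sshd)" | grep wrap` shows the library, otherwise these files are ignored for sshd. Note also that sshd_config's MaxStartups caps concurrent unauthenticated connections rather than connections per minute, so it complements this kind of log-driven deny list instead of replacing it.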
- References:
- throttle ssh logins (OpenSSH sshd)
- From: Alan Strassberg
- Re: throttle ssh logins (OpenSSH sshd)
- From: phil-news-nospam
- Re: throttle ssh logins (OpenSSH sshd)
- From: Ivar Rosquist
- Re: throttle ssh logins (OpenSSH sshd)
- From: Unruh