Date: Tue, 05 Jul 2005 12:02:40 +0100 From: Edward <ep_lists@peckham.me.uk> To: John Cholewa <freebsd-questions@jc-news.com> Cc: freebsd-questions@freebsd.org Subject: Re: autoblocking many ssh failed logins from the same IP.... Message-ID: <42CA68D0.9000301@peckham.me.uk> In-Reply-To: <42C54872.50106@jc-news.com> References: <42C54872.50106@jc-news.com>
next in thread | previous in thread | raw e-mail | index | archive | help
John Cholewa wrote: > Jun 30 10:36:05 phantom sshd[70478]: Failed password for news from > 212.88.182.121 port 51218 ssh2 > Jun 30 10:36:16 phantom sshd[70500]: Failed password for sshd from > 212.88.182.121 port 51608 ssh2 > Jun 30 10:36:39 phantom sshd[70569]: Failed password for root from > 212.88.182.121 port 52297 ssh2 > > I get the above a lot in my logs (except more of it). Each day, a > couple hundred failed attempts to log in from one or sometimes two IP > addresses shows up. I don't have anything like ipf running, and since > this machine is about fifteen hundred miles away from me, I don't want > to experiment with software firewalling right now. > > That known, is there any way to tell sshd (or some more powerful > daemon) to stop accepting login attempts from a given IP if it tries > and fails to log in too many times in a limited duration (like in the > same minute)? > > I suppose, now that I'm thinking about it, that it'd be best to > actually just read the man pages and figure out how to get sshd to > ignore any attempt to attach from ports other than 22. I mean, why > are other machines trying to ssh in at ports over fifty thousand anyway? > > -- > -JC > http://www.livejournal.com/users/jcholewa/ > > PS: Oh, yeah ... "FreeBSD 4.8-RELEASE #0: Thu Apr 3 10:53:38 GMT > 2003" ; openssh-3.6.1_5 ; openssl-0.9.7d_1 > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" I had this on my FreeBSD 4.10 box as well. sshd can be configured to only allow logins for specific users. Edit /etc/sshd_config to add the following AllowUsers <USER_NAME> You can have multiple AllowUsers entries if you want more than one user to be able to ssh in. This has worked pretty well for me, although I still get an occasional (once every couple of days) failed login attempt on the one valid user name I've set up. I guess I could use a less guessable user id.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42CA68D0.9000301>