Date: Thu, 27 Jan 2005 08:39:54 +0100 From: Christian Tischler <mail@myunix.net> To: freebsd-questions@freebsd.org Cc: Sandy Rutherford <sandy@krvarr.bc.ca> Subject: Re: Banning ips for some time? Message-ID: <41F89ACA.4070605@myunix.net> In-Reply-To: <16887.52221.648112.336027@szamoca.krvarr.bc.ca> References: <41F60ECC.8050206@myunix.net> <16887.52221.648112.336027@szamoca.krvarr.bc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Sandy Rutherford wrote: >Christian, > >On Tue, 25 Jan 2005 you wrote: > > > .... my servers sshd reports 30 to 50 failed > > root/operator/etc. logins a day. I would like to block the incoming ip > > for a few days automaticly after e.g failed login requests. > > Currently I am using ipf, but it would be no problem to use any other > > FreeBSD firewall. > >For peace of mind, you can always use the AllowGroups, AllowUsers, >PermitRootLogin, .... options in sshd_config to remove ssh access to >root, uucp, operator, and other system accounts. I only permit ssh >access to user accounts. The scripts which are making these login >attempts are not typically going to try user accounts for obvious >reasons. If you need off-site root access you should be using su or >sudo bash anyway. I would recommend always turning off root access >via ssh. > >...Sandy >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > Thanks for the answer. You described roughly the way I run sshd by now. Christian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41F89ACA.4070605>