[thelist] SSH login attacks

sbeam sbeam at onsetcorps.net
Thu May 5 10:08:12 CDT 2005


On Thursday 05 May 2005 06:47 am, Getafixx wrote:
> the script seems to try 4 passwords for each account. But frankly they 
> are trying accounts that no one in their right mind would set up 
> anyway. 
> (apart from root)

You will get these almost every day on any machine that listens on port 
22.

> OR do you have the first attempt return quickly and then later 
> attempts 
> from the same IP (even if they are a few seconds apart) just keep 
> squaring the time taken to return, so 1 2 4 16 96 9216 84934656 
> 7213895789838336 and so on.. so that you are just slowly killing the 
> attempts.

This sounds good but there is no way to do it with sshd that I know of. 
Have seen scripts that scan the logs and add the offending IPs to 
hosts.deny, you could google that. 

Also look up pam_tally if you are on a Linux/BSD system that uses PAM. 
Never used it but it seems like it might do what you want if you get it 
working.

Another simpler idea is to run ssh on a non-standard port. That works 
well for systems with just a few known users who know what a port is.

-- 

# S Beam - Web App Dev Servs
# http://www.onsetcorps.net/
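
A sketch of the kind of log-scanning script the message above mentions, added here as an example and not part of the original post: it counts failed sshd password attempts per source address and produces hosts.deny entries. The log lines are constructed, and the threshold of 4, the allow list and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the style OpenSSH writes to the auth log.
# The last failure carries a username crafted to contain a second "from <ip>".
SAMPLE_LOG = """\
May  5 06:41:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  5 06:41:04 host sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
May  5 06:41:07 host sshd[2103]: Failed password for illegal user guest from 203.0.113.7 port 40115 ssh2
May  5 06:41:09 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40117 ssh2
May  5 06:41:12 host sshd[2107]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.7 port 40120 ssh2
May  5 06:50:30 host sshd[2140]: Failed password for alice from 198.51.100.20 port 51844 ssh2
May  5 06:50:41 host sshd[2140]: Accepted password for alice from 198.51.100.20 port 51844 ssh2
"""

# The username is text chosen by the remote side, so the address is taken
# from the END of the line: the greedy ".+" swallows anything the client put
# in the username, and "$" pins the match to the part sshd itself appended.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .+ from "
    r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d*)?\s*$"
)


def failed_by_ip(log_text):
    """Count failed password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def hosts_deny_lines(log_text, threshold=4, allow=()):
    """Return TCP-wrappers entries for addresses at or above the threshold.

    `allow` lists addresses that must never be blocked (e.g. your own),
    so a few mistyped passwords cannot lock the administrator out.
    """
    counts = failed_by_ip(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allow]


if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(SAMPLE_LOG)))
```

The entries only take effect if sshd on the system is built with TCP wrappers support and consults hosts.deny.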

