Restricting SSH login attempts
I've noticed looking at my /var/log/auth.log that some hacking bot has been attempting to gain access to my Bubba via SSH. It hasn't succeeded of course but throws hundreds of login attempts over the space of a few minutes.
Is there a possibility to configure SSH so that it will only allow 3 or 4 wrong password attempts to come from a single IP address before it locks attempts from that IP address /or for a short cooling off period?
//Clive.
Re: Restricting SSH login attempts
Clive wrote:
> I've noticed looking at my /var/log/auth.log that some hacking bot has been attempting to gain access to my Bubba via SSH. It hasn't succeeded of course but throws hundreds of login attempts over the space of a few minutes.
> Is there a possibility to configure SSH so that it will only allow 3 or 4 wrong password attempts to come from a single IP address before it locks attempts from that IP address /or for a short cooling off period?
> //Clive.

Do you run ssh on the default port? How about changing it to something else, like 2222, or have you already done this?
Anyway here's how to change the default port:
Code:
sudo nano /etc/ssh/sshd_config
Code:
sudo /etc/init.d/ssh restart
Another way to solve this without messing with sshd is to change ports in your firewall, so that, let's say, port 2222 externally is forwarded to Bubba's port 22 internally.
This way you can still access Bubba as normal when on the LAN. But when accessing from outside you use port 2222 instead.
/Tor
Co-founder OpenProducts and Ex Excito Developer
It is interesting though to see all the usernames they try to log in with.
How does this work really? When successful do they detect that they have hit an existing login, and then they start running through another (or the same) dictionary for the password? Just a username and no password doesn't make a gate-crasher happy....
I use PuTTY for ssh and if I enter an invalid username I still get the password prompt, so how would they notice that they have hit an existing user?
Cheers
/Niklas
Why not solve the problem properly and install BlockHosts?
http://freshmeat.net/projects/blockhosts/
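
The per-address limit asked about at the top of the thread, sketched as an added example (not code from the thread or from BlockHosts): it scans auth.log lines for OpenSSH "Failed password" entries and reports which source addresses reach the threshold inside a time window, and until when each would stay locked out. The log lines are constructed, and the threshold, window and cooling-off values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH logs a failure as "Failed password for [invalid user] NAME from IP port N ssh2".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)
MAX_FAILURES = 4                  # assumed threshold ("3 or 4" in the question)
WINDOW = timedelta(minutes=5)     # assumed counting window
COOL_OFF = timedelta(minutes=30)  # assumed cooling-off period

# Constructed sample lines (documentation address ranges), not from a real log.
SAMPLE_LOG = """\
Mar  3 02:14:01 bubba sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 bubba sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Mar  3 02:14:05 bubba sshd[2105]: Failed password for root from 203.0.113.7 port 40125 ssh2
Mar  3 02:14:08 bubba sshd[2107]: Failed password for invalid user guest from 203.0.113.7 port 40131 ssh2
Mar  3 02:14:10 bubba sshd[2109]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 09:30:12 bubba sshd[3310]: Failed password for clive from 198.51.100.20 port 51514 ssh2
Mar  3 09:30:20 bubba sshd[3310]: Accepted password for clive from 198.51.100.20 port 51514 ssh2
""".splitlines()

def find_blocks(lines, year=2024):
    """Return {ip: blocked_until} for IPs reaching MAX_FAILURES within WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other daemons are ignored
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in blocked and ts < blocked[ip]:
            continue              # already locked out; do not extend the block
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW: # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            blocked[ip] = ts + COOL_OFF
            q.clear()
    return blocked

if __name__ == "__main__":
    for ip, until in find_blocks(SAMPLE_LOG).items():
        print(f"{ip} blocked until {until}")
```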