ssh and login

Support for security such as Firewalls and securing linux
bumblebee
Posts: 1
Joined: 2008/05/13 09:32:33

ssh and login

Post by bumblebee » 2008/05/13 09:40:13

Greetings folks...

Is there any way I can make ssh accept only 1 login attempt, say, every 30 sec or something?
And then block a host for 30 min if it tries more than x times without success?

Regards Kim

toracat
Site Admin
Posts: 7518
Joined: 2006/09/03 16:37:24
Location: California, US

Re: ssh and login

Post by toracat » 2008/05/13 11:52:35

This CentOS wiki article may help:

http://wiki.centos.org/HowTos/Network/SecuringSSH

Check out section 5, "Filter SSH at the Firewall".

NedSlider
Forum Moderator
Posts: 2897
Joined: 2005/10/28 13:11:50
Location: UK

ssh and login

Post by NedSlider » 2008/05/13 18:43:40

Hi bumblebee, and welcome to the forums.

As toracat correctly suggests, there isn't a way to directly time limit login attempts in SSH, so using iptables 'recent' module is one way to tackle the issue.

It's interesting that you bring up this question today; SANS Internet Storm Center have a diary entry today on brute-force SSH attacks:

http://isc.sans.org/diary.html?storyid=4408

From the research paper they cite, it would appear attackers are getting clever and either using slowed attacks or distributed attacks in order to circumvent exactly the type of defense you mention.

I would suggest the current best practice is to employ strength in depth and combine as many approaches as are reasonably practical within your environment. Using strong passwords, disabling root logins, moving to a non-standard high port number and using public key authentication are also all extremely effective countermeasures against these speculative attacks.

Ned
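
The iptables 'recent' approach mentioned in the replies above, sketched as an added example that is not part of any post in this thread. The chain name `SSH_LIMIT`, the list name `ssh_<port>` and the threshold of 4 are assumptions chosen for illustration; the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print iptables commands that rate-limit NEW connections to
# sshd with the 'recent' match. Nothing is applied by this script.
# Usage: ssh_limit_rules PORT WINDOW_SECONDS HITCOUNT
# The HITCOUNT-th new connection from one source within WINDOW_SECONDS is
# dropped. 'recent' counts TCP connections, not failed logins, and sshd allows
# several password attempts per connection (see MaxAuthTries in sshd_config).
ssh_limit_rules() {
    port=$1 window=$2 hits=$3
    # Accept plain positive integers only, so the output is safe to pipe to sh.
    for v in "$port" "$window" "$hits"; do
        case $v in
            ''|*[!0-9]*) echo "not a positive integer: '$v'" >&2; return 1 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    [ "$window" -ge 1 ] || { echo "bad window" >&2; return 1; }
    # HITCOUNT 1 would drop every connection (the --set rule runs first).
    # Upper bound is a conservative choice: older kernels keep at most
    # ip_pkt_list_tot (default 20) timestamps per address.
    [ "$hits" -ge 2 ] && [ "$hits" -le 20 ] || { echo "bad hitcount" >&2; return 1; }

    chain=SSH_LIMIT        # hypothetical chain name
    list="ssh_$port"       # hypothetical name of the 'recent' list
    # Rule order matters: record the source first, then test the count.
    # --update refreshes the timestamp whenever it matches, so a blocked host
    # stays blocked until it has been quiet for the whole window.
    # Unmatched packets return to INPUT, where the normal SSH accept rule applies.
    cat <<EOF
iptables -N $chain
iptables -A INPUT -p tcp --dport $port -m state --state NEW -j $chain
iptables -A $chain -m recent --name $list --set
iptables -A $chain -m recent --name $list --update --seconds $window --hitcount $hits -j DROP
EOF
}

# Dry run for the 30-minute block asked about in the thread (x = 4 is assumed).
ssh_limit_rules 22 1800 4
```

Because the window is evaluated per source address, the slowed and distributed attacks Ned describes stay under the threshold, which is why the other measures in his post still apply.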

public_domain
Posts: 28
Joined: 2007/11/18 06:05:23

Re: ssh and login

Post by public_domain » 2008/05/18 06:20:02

Actually, you can use CONFIGSERVER. I use it, and people attempt and get blocked all the time. Very configurable.
