One feature that I haven't seen in OpenSSH (it may be there) is an automatic blacklisting of IP addresses when a certain number of login attempts are reached from that IP address. It seems like it is popular these days to try brute-force access on password cracking, and automatic blacklisting may limit these attempts.

Best regards/Nils Hammar
On Sat, Dec 17, 2005 at 09:57:17PM +0100, Nils Hammar wrote:
> One feature that I haven't seen in OpenSSH (It may be there) is an
> automatic blacklisting of IP addresses when a certain number of
> login attempts are reached from that IP address. It seems like it
> is popular these days to try brute force access on password
> cracking and automatic blacklisting may limit these attempts.

This has been suggested before, but rejected.

The recommended way to implement this is to monitor log output from OpenSSH and make appropriate changes to the firewall settings. OpenSSH is not a firewall.

//Peter
* Peter Stuge <stuge-openssh-unix-dev at cdy.org> wrote:
<snip>
> This has been suggested before, but rejected.
>
> The recommended way to implement this is to monitor log output from
> OpenSSH and make appropriate changes to the firewall settings.

Hmm. How could this be implemented? We need a way to get the failed attempts to some other process. Some external event handler, which gets called on all noticeable events with appropriate parameters, could help, i.e. for a failed login:

    $HANDLER login-failed <username> <ip> <auth-method> ...

and for a successful login:

    $HANDLER login-granted <username> <ip> <auth-method> <tty> ...

cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service
phone: +49 36207 519931     www: http://www.metux.de/
fax: +49 36207 519932       email: contact at metux.de
cellphone: +49 174 7066481
---------------------------------------------------------------------
-- DSL from 0 Euro. -- static IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------
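The log-monitoring approach Peter recommends and the `$HANDLER login-failed <username> <ip> <auth-method>` event shape Enrico sketches can be combined outside sshd. The following is an added example written for this thread, not code from OpenSSH or from either poster: it parses real-format sshd auth log lines (the sample lines and RFC 5737 addresses are constructed), turns them into handler-style events, counts failures per source IP, and renders the firewall rules rather than executing them; the threshold of three failures is an arbitrary assumption.

```python
"""Turn sshd log output into login events and per-IP block candidates."""
import re
from collections import Counter

# Constructed sample of OpenSSH auth messages (addresses from RFC 5737 doc ranges).
SAMPLE_LOG = """\
Dec 17 21:57:17 host sshd[4411]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Dec 17 21:57:19 host sshd[4412]: Failed password for invalid user oracle from 192.0.2.10 port 40113 ssh2
Dec 17 21:57:21 host sshd[4413]: Failed password for root from 192.0.2.10 port 40114 ssh2
Dec 17 21:57:30 host sshd[4420]: Failed password for nils from 198.51.100.7 port 51020 ssh2
Dec 17 21:57:35 host sshd[4421]: Accepted publickey for nils from 198.51.100.7 port 51022 ssh2
"""

# Matches both "Failed password for nils from ..." and
# "Failed password for invalid user admin from ..." (the "invalid user" part is optional).
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_events(log_text):
    """Map sshd log lines to handler-style events:
    ('login-failed' | 'login-granted', user, ip, auth-method)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other sshd messages (disconnects, key exchange) are ignored
        kind = "login-failed" if m["result"] == "Failed" else "login-granted"
        events.append((kind, m["user"], m["ip"], m["method"]))
    return events


def offenders(events, threshold=3):
    """Source IPs with at least `threshold` failed logins (assumed cut-off)."""
    failures = Counter(ip for kind, _, ip, _ in events if kind == "login-failed")
    return sorted(ip for ip, n in failures.items() if n >= threshold)


def firewall_commands(ips):
    """Render, but do not run, one iptables DROP rule per offending IP, so the
    firewall change stays in an external process, as the thread recommends."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]


if __name__ == "__main__":
    for cmd in firewall_commands(offenders(parse_events(SAMPLE_LOG))):
        print(cmd)
```

A single legitimate user who mistypes once (198.51.100.7 above) stays below the threshold, which is why the cut-off, and some expiry for the block, matter in practice.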