[Nelug] Blocking brute-force ssh attacks

Stephen steve at patter.mine.nu
Wed Aug 9 18:08:51 UTC 2006

On 09 Aug 06, Martin Ward (martin at gkc.org.uk) wrote:
> Getting fed up with the various idiots who think that they can guess my ssh
> attacks with a brute force dictionary attack, I decided to do something
> about them.
> I previously experimented with "port knocking" (see www.portknocking.org)
> which worked, but is a bit tricky to use since many public internet access
> points have a very limited set of ports open.
> So instead, I wrote a small daemon which scans the log file and builds
> a list of IP addresses which have cause too many failed login attempts:

I've got mine set up to allow only 1 user and to require the correct ssh 
key, and disabled normal password authentication.

Stephen Patterson :: steve at patter.mine.nu :: http://patter.mine.nu/
GPG: E3E8E974 :: Jabber: patter at jabber.earth.li 
"At night, the razor weasels come."

More information about the Nelug mailing list