John Cholewa wrote:
Jun 30 10:36:05 phantom sshd[70478]: Failed password for news from
212.88.182.121 port 51218 ssh2
Jun 30 10:36:16 phantom sshd[70500]: Failed password for sshd from
212.88.182.121 port 51608 ssh2
Jun 30 10:36:39 phantom sshd[70569]: Failed password for root from
212.88.182.121 port 52297 ssh2
I get the above a lot in my logs (except more of it). Each day, a
couple hundred failed attempts to log in from one or sometimes two IP
addresses shows up. I don't have anything like ipf running, and since
this machine is about fifteen hundred miles away from me, I don't want
to experiment with software firewalling right now.
That known, is there any way to tell sshd (or some more powerful
daemon) to stop accepting login attempts from a given IP if it tries
and fails to log in too many times in a limited duration (like in the
same minute)?
I suppose, now that I'm thinking about it, that it'd be best to
actually just read the man pages and figure out how to get sshd to
ignore any attempt to attach from ports other than 22. I mean, why
are other machines trying to ssh in at ports over fifty thousand anyway?
--
-JC
http://www.livejournal.com/users/jcholewa/
PS: Oh, yeah ... "FreeBSD 4.8-RELEASE #0: Thu Apr 3 10:53:38 GMT
2003" ; openssh-3.6.1_5 ; openssl-0.9.7d_1
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
I had this on my FreeBSD 4.10 box as well. sshd can be configured to
only allow logins for specific users.
Edit /etc/sshd_config to add the following
AllowUsers <USER_NAME>
You can have multiple AllowUsers entries if you want more than one user
to be able to ssh in.
This has worked pretty well for me, although I still get an occasional
(once every couple of days) failed login attempt on the one valid user
name I've set up. I guess I could use a less guessable user id.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"