On Tuesday 25 January 2005 01:18 am, Christian Tischler <[EMAIL PROTECTED]> wrote: > Hi, > as I have an DSL line witch is 24/7 online (coming from an big and > popular provider) my servers sshd reports 30 to 50 failed > root/operator/etc. logins a day. I would like to block the incoming > ip for a few days automaticly after e.g failed login requests. > Currently I am using ipf, but it would be no problem to use any other > FreeBSD firewall. > This is not only for security reasons, but also to shorten the daily > security run output :-)
Some people have already provided good suggestions, and this isn't something to worry about unless someone does get in, but the easiest way to prevent this from happening is to make sshd listen on a different port, preferably a high-numbered one. Then, you close port 22 on your firewall and open the one you designated for sshd, and you login to that port from the other machine with ssh. Also, can you go without logins, i.e., can you go entirely with key-based authentication? That can help, too, as well as preventing root from logging in remotely or to ssh (a user in wheel can su), but changing the port often stops attempted ssh logins entirely. - jt _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"