On Tue, Jan 20, 2009 at 4:33 PM, Paul Hartman
<paul.hartman+gen...@gmail.com> wrote:
> Hi,
>
> After setting up public key authentication I changed my sshd back to
> port 22 and got the expected bombardment of connection attempts.
> However, it doesn't seem to ever stop them. I'm using sshd with this
> setting:
>
> MaxAuthTries 3
>
> in my /etc/ssh/sshd_config
>
> So, why does it allow unlimited failed login attempts? For example, as
> I write this I'm seeing this in my logs:
>
<snip>
>
> I'm using denyhosts but it seems that it doesn't deny anyone until an
> hour has passed, despite the fact I'm using the daemon which
> constantly monitors the log file... by which time hundreds or
> thousands of attempts can be made. Maybe that's a configuration issue
> on my denyhosts setup, but shouldn't sshd be blocking them in the
> first place?
>
> Thanks,
> Paul

I'm pretty sure MaxAuthTries 3 does nothing more than disconnect you
after 3 failed connections (meaning all you have to do is reconnect to
keep trying)... it doesn't do any sort of 'intelligent' protection of
the system. DenyHosts worked great for me while I used it, but I also
found that a firewall rule limiting connection attempts to 3 per
source IP per 10-minute period put a big dent in the number of tries
that denyhosts ever even had to see (though they were always enough to
get that source blacklisted; I had things set rather restrictively).
Something I was pointed towards on IRC, in the event that the SSH
server you're running is primarily for your use or the use of
knowledgeable users (fellow admins)... look up Single Packet
Authorization (SPA).

-- 
Poison [BLX]
Joshua M. Murphy
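As an added example (not from either poster), here is an iptables ruleset in iptables-restore format that implements the limit Joshua describes: new TCP connections to port 22 are tracked per source address with the xt_recent module, and a source that has already used its allowance inside a 600-second window is dropped before it ever reaches sshd. It assumes a Linux host with xt_recent and conntrack available; the chain name SSH_LIMIT and the list name ssh are placeholders of my choosing.

```iptables
*filter
# Dedicated chain so the limiter is easy to inspect and reset
# (iptables -F SSH_LIMIT; echo clear > /proc/net/xt_recent/ssh).
:SSH_LIMIT - [0:0]

# Only NEW TCP connections to sshd enter the limiter; established
# sessions are never counted or dropped, so an open shell is safe.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_LIMIT

# 1) If this source already has --hitcount entries inside the last
#    --seconds window, log (rate-limited) and drop the connection.
#    --hitcount 4 is the conventional setting for allowing about three
#    new connections per 10-minute window; confirm the exact count on
#    your kernel with a few test connections before relying on it.
#    --update refreshes the entry on a match, so a host that keeps
#    hammering stays blocked until it goes quiet for 600 s; use --rcheck
#    on the DROP rule instead if the block should expire 600 s after
#    the last connection that was let through.
-A SSH_LIMIT -m recent --name ssh --rcheck --seconds 600 --hitcount 4 -m limit --limit 6/min -j LOG --log-prefix "ssh-ratelimit: "
-A SSH_LIMIT -m recent --name ssh --update --seconds 600 --hitcount 4 -j DROP

# 2) Otherwise record this connection for the source and let it reach
#    sshd, where MaxAuthTries caps the guesses on that one connection.
-A SSH_LIMIT -m recent --name ssh --set -j ACCEPT
COMMIT
```

Load it with `iptables-restore --noflush` so existing rules in the filter table are kept, and watch `/proc/net/xt_recent/ssh` to see which sources are being counted.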
