That's a good idea, but I want to be able to shell in from public computers.
Maybe instead of blocking the IP address, I should block the username from
logging in after a certain number of tries.
-----Original Message-----
From: Johannes Franken [mailto:jfranken@jfranken.de]
Sent: Thursday, August 08, 2002 3:51 PM
To: suse-security@suse.com
Subject: [suse-security] Re: Automatically blacklist IP after multiple
SSH login failures
* Jeff Stewart
I'd like to protect myself against dictionary or brute force login attacks. Is there a way within OpenSSH
Sure, get used to using RSA keys and put this to your /etc/ssh/sshd_config then: Protocol 2 RSAAuthentication yes PasswordAuthentication no
automatically blacklist an IP address after x number of failed login attempts?
that won't help, because the hacker can easily switch to another IP address.