Mailinglist Archive: opensuse-security (409 mails)

< Previous Next >
RE: [suse-security] Re: Automatically blacklist IP after multiple SSH login failures
  • From: "Jeff Stewart" <jstewart@xxxxxxxxxxxxxx>
  • Date: Thu, 8 Aug 2002 16:01:41 -0400
  • Message-id: <NDBBKCOPILJJPIKIAGALGEKKCOAA.jstewart@xxxxxxxxxxxxxx>
That's a good idea, but I want to be able to shell in from public computers.
Maybe instead of blocking the IP address, I should block the username from
logging in after a certain number of tries.

-----Original Message-----
From: Johannes Franken [mailto:jfranken@xxxxxxxxxxx]
Sent: Thursday, August 08, 2002 3:51 PM
To: suse-security@xxxxxxxx
Subject: [suse-security] Re: Automatically blacklist IP after multiple
SSH login failures


* Jeff Stewart <jstewart@xxxxxxxxxxxxxx> [2002-08-08 18:36 +0200]:
> I'd like to protect myself against dictionary or brute force login
attacks.
> Is there a way within OpenSSH

Sure, get used to using RSA keys and put this to your
/etc/ssh/sshd_config then:

Protocol 2
RSAAuthentication yes
PasswordAuthentication no

> automatically blacklist an IP address after x number of failed login
> attempts?

that won't help, because the hacker can easily switch to another IP
address.


< Previous Next >
Follow Ups
References