Limiting login ressources

Jakob Curdes jc at
Wed Apr 13 05:32:49 EST 2005


recently we experiance random login attempts with various user names 
such as test,guest,admin,root,http etc pp. all from the same IP in a 
short time. I observed this on different machines. We have limited 
access to ssh to 2 or 3 users  on all our boxes, so I do not really feel 
a necessity to protect our machines better from misuse. Nevertheless I 
think it would be good to block an IP address after the 3rd or so login 
attempt with an illegal name or at least block an IP that tries to cycle 
user names like a merry-go-round. I experimented a bit with options for 
sshd like LoginGraceTime, MaxStartups but these do not really affect the 
sshd behavior in the case mentioned above. I also looked into PAM and 
tried to configure things there, but PAM is not really my daily 
speciality. Is someone willing to explain to me how I can limit login 
attempts via ssh? Is this related to UseLogin?

Jakob Curdes

More information about the openssh-unix-dev mailing list