Automatic blacklist of IP-addresses.

Peter Stuge stuge-openssh-unix-dev at cdy.org
Sun Dec 18 23:35:39 EST 2005


On Sat, Dec 17, 2005 at 09:57:17PM +0100, Nils Hammar wrote:
> One feature that I haven't seen in OpenSSH (It may be there) is an
> automatic blacklisting of IP addresses when a certain number of
> login attempts are reached from that IP address. It seems like it
> is popular these days to try brute force access on password
> cracking and automatic blacklisting may limit these attempts.

This has been suggested before, but rejected.

The recommended way to implement this is to monitor log output from
OpenSSH and make appropriate changes to the firewall settings.

OpenSSH is not a firewall.


//Peter




More information about the openssh-unix-dev mailing list