SSHD Feature Request

Damien Miller djm at mindrot.org
Fri May 13 22:02:32 EST 2005


Seann Herdejurgen wrote:
> With the increased number of "brute force" login attempts against
> port 22, I am concerned that an intruder may actually stumble across
> a valid user/pass combination.  To combat this, I would like to
> request an sshd_config option that would cause the running sshd
> parent process to keep track of login failures by IP address.  If
> there are more than X number of login failures for a particular IP
> address over a fixed period of time, simply deny login to all
> attempts after the first X tries.

We are pretty sure that we don't want to do this for a variety of
reasons. But, that doesn't stop you from doing it with a little
perl script that watches syslog and pokes addresses into your packet
filter of choice.

This has been discussed on the list a couple of times, please check the
archives for more detailed comments.

I have some other ideas on how to mitigate these attacks in sshd,
hopefully I'll have time to implement them soon.

-d
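The log-watching approach Damien suggests above, worked through as an added example that is not part of the original message or of OpenSSH. It is Python rather than Perl, the syslog lines are constructed (the year is an assumption, since syslog omits it), the threshold X = 5 and the 10-minute window are assumptions, and the pf table name sshbrute and the iptables rule are my choices. It also handles an edge case a naive parser gets wrong: an attacker-chosen username that itself contains "from <addr> port <n>", which can make a regex anchored at the start of the line block the wrong address; anchoring on the last "from ... port ..." before the line end avoids that.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH failure lines as written through syslog, e.g.
#   May 13 21:55:01 gw sshd[4121]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
# The username is matched lazily and the address anchored to the END of the
# line, so a username like "x from 192.0.2.99 port 99" cannot spoof the address.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?(?P<user>.+?) "
    r"from (?P<ip>[0-9A-Fa-f:.]+) port \d+(?: ssh\d?)?$"
)

SYSLOG_YEAR = 2005  # assumption: syslog timestamps carry no year


def parse_ts(ts, year=SYSLOG_YEAR):
    """Turn a syslog 'Mon DD HH:MM:SS' stamp into a datetime."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def parse_failure(line):
    """Return (timestamp, source_ip) for an sshd auth failure line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None  # accepted logins, disconnects, other daemons: ignore
    return parse_ts(m.group("ts")), m.group("ip")


def find_offenders(lines, threshold=5, window_seconds=600):
    """Sliding-window count of failures per source address.

    Returns {ip: time_of_the_failure_that_crossed_the_threshold} for every
    address with >= threshold failures inside any window_seconds span.
    Failures older than the window are forgotten, so a slow scanner that
    spreads attempts out never trips the threshold (the behaviour X-in-T asks for).
    """
    recent = defaultdict(deque)
    blocked = {}
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        t, ip = parsed
        if ip in blocked:
            continue  # already handed to the packet filter
        q = recent[ip]
        q.append(t)
        while q and (t - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = t
    return blocked


def block_commands(blocked, backend="pf"):
    """Render the packet-filter commands that would poke the addresses in.

    pf: assumes a table <sshbrute> referenced by a rule such as
        block in quick proto tcp from <sshbrute> to any port 22
    """
    cmds = []
    for ip in sorted(blocked):
        if backend == "pf":
            cmds.append(f"pfctl -t sshbrute -T add {ip}")
        elif backend == "iptables":
            cmds.append(f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP")
        else:
            raise ValueError(f"unknown backend {backend!r}")
    return cmds


# Constructed sample log (documentation addresses): a fast brute-forcer,
# a legitimate user with one typo, a slow scanner whose old failures age
# out of the window, and one log-injection attempt via the username.
SAMPLE_LOG = """\
May 13 21:55:01 gw sshd[4121]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
May 13 21:55:03 gw sshd[4123]: Failed password for invalid user test from 192.0.2.10 port 40125 ssh2
May 13 21:55:04 gw sshd[4125]: Failed password for root from 192.0.2.10 port 40130 ssh2
May 13 21:55:06 gw sshd[4127]: Failed password for invalid user oracle from 192.0.2.10 port 40133 ssh2
May 13 21:55:08 gw sshd[4129]: Failed password for invalid user guest from 192.0.2.10 port 40137 ssh2
May 13 21:56:10 gw sshd[4131]: Failed password for djm from 198.51.100.7 port 51000 ssh2
May 13 21:56:20 gw sshd[4131]: Accepted publickey for djm from 198.51.100.7 port 51000 ssh2
May 13 22:01:00 gw sshd[4140]: Failed password for invalid user admin from 203.0.113.9 port 2222 ssh2
May 13 22:01:02 gw sshd[4142]: Failed password for invalid user admin from 203.0.113.9 port 2223 ssh2
May 13 22:30:00 gw sshd[4150]: Failed password for invalid user admin from 203.0.113.9 port 2224 ssh2
May 13 22:30:01 gw sshd[4152]: Failed password for invalid user admin from 203.0.113.9 port 2225 ssh2
May 13 22:30:02 gw sshd[4154]: Failed password for invalid user admin from 203.0.113.9 port 2226 ssh2
May 13 22:30:03 gw sshd[4156]: Failed password for invalid user admin from 192.0.2.99 port 99 from 203.0.113.9 port 2227 ssh2
"""

if __name__ == "__main__":
    offenders = find_offenders(SAMPLE_LOG.splitlines())
    for cmd in block_commands(offenders):
        print(cmd)
```

Run against the sample, only 192.0.2.10 is blocked (five failures in seven seconds); the slow scanner 203.0.113.9 ends the log with only four failures inside the window, and the spoofed line is attributed to 203.0.113.9, not to the address embedded in the username. A real deployment would tail the auth log (or read from syslog's pipe), run the commands instead of printing them, and expire table entries after a while so a mistyped password from a shared NAT does not lock colleagues out for good.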
