SSHD Feature Request
Bob Proulx
bob at proulx.com
Sat May 14 13:48:02 EST 2005
Darren Tucker wrote:
> David Leonard wrote:
> >On Fri, 13 May 2005, Seann Herdejurgen wrote:
> >>a valid user/pass combination. To combat this, I would like to request
> >>an sshd_config option that would cause the running sshd parent process
> >>to keep track of login failures by IP address. If there are more than X
> >>number of login failures for a particular IP address over a fixed period
> >>of time, simply deny login to all attempts after the first X tries.
> >
> >check out pam_tally. I've not used it but googling shows some reports of
> >success with ssh.
>
> Also pam_abl. It allows blocking by source IP not just by account.
> http://www.hexten.net/sw/pam_abl/index.mhtml
Also port knocking is an interesting technique if you are concerned
about this.
http://shorewall.net/PortKnocking.html
Bob
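
The per-IP failure limit requested in the quoted message, as an added example (not code from this thread, OpenSSH, pam_tally or pam_abl): a sliding-window counter replayed over constructed sshd log lines. The names FailureTracker, on_failure and replay, the sample lines, and the limit of 3 failures in 10 minutes are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd syslog shape (not from the thread).
SAMPLE_LOG = """\
May 14 13:40:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 4001 ssh2
May 14 13:40:03 host sshd[2102]: Failed password for invalid user admin from 192.0.2.10 port 4002 ssh2
May 14 13:40:05 host sshd[2103]: Failed password for root from 198.51.100.7 port 5001 ssh2
May 14 13:40:06 host sshd[2104]: Failed password for invalid user test from 192.0.2.10 port 4003 ssh2
May 14 13:40:09 host sshd[2105]: Failed password for root from 192.0.2.10 port 4004 ssh2
May 14 13:52:00 host sshd[2106]: Failed password for root from 192.0.2.10 port 4005 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

class FailureTracker:
    """Counts failed logins per source IP over a sliding time window."""
    def __init__(self, max_failures, window):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # ip -> timestamps of counted failures

    def on_failure(self, ip, now):
        """Return 'deny' once the IP already has max_failures inside the window."""
        q = self.failures[ip]
        while q and now - q[0] > self.window:  # forget failures older than the window
            q.popleft()
        if len(q) >= self.max_failures:
            return "deny"
        q.append(now)
        return "count"

def replay(log_text, tracker, year=2005):
    """Feed failed-password lines to the tracker (syslog omits the year, so it is a parameter)."""
    decisions = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            decisions.append((m.group(2), tracker.on_failure(m.group(2), now)))
    return decisions

if __name__ == "__main__":
    for ip, decision in replay(SAMPLE_LOG, FailureTracker(3, timedelta(minutes=10))):
        print(ip, decision)
```

Denied attempts are not added to the window here, so the block lapses once the counted failures age out; counting them as well would keep a persistent source blocked for as long as it keeps trying.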