sshd behaviour when people are trying to break in
rapier at psc.edu
Wed Nov 15 10:44:01 EST 2006
Daniel Kahn Gillmor wrote:
> hi Mark--
> On November 14, markb at ordern.com said:
>>It would be good if sshd could detect such break in attempts and
>>simply not accept the connections. I can imagine having a simple
>>mechanism that counts the number of login attempts from a given IP
>>address and if so many are attempted in a short time period, that IP
>>address is blacklisted for a while.
> I don't think this functionality belongs in openssh.
I agree. I don't want to see SSH start taking on rolls that really
aren't a part of its core functionality. An IDS is really much better
suited for this sort of job.
More information about the openssh-unix-dev