sshd behaviour when people are trying to break in

chris rapier rapier at psc.edu
Wed Nov 15 10:44:01 EST 2006



Daniel Kahn Gillmor wrote:
> hi Mark--
> 
> On November 14, markb at ordern.com said:
> 
> 
>>It would be good if sshd could detect such break-in attempts and
>>simply not accept the connections. I can imagine having a simple
>>mechanism that counts the number of login attempts from a given IP
>>address and if so many are attempted in a short time period, that IP
>>address is blacklisted for a while.
> 
> 
> I don't think this functionality belongs in openssh.

I agree. I don't want to see SSH start taking on roles that really 
aren't a part of its core functionality. An IDS is really much better 
suited for this sort of job.

Chris
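
The mechanism proposed in the quoted message (count login attempts per source address and block the address for a while), done outside sshd by reading its log, as the replies suggest. This is an added example, not code from the thread or from OpenSSH; the thresholds, function names, assumed year and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy (not from the thread): 5 failures within 60 s blocks for 10 min.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)
BLOCK_FOR = timedelta(minutes=10)
ASSUMED_YEAR = 2006  # syslog timestamps carry no year
# sshd's "Failed password" syslog line: capture timestamp and source address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def parse_failure(line):
    """Return (timestamp, source_ip) for a failed-login line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2)

def find_blocks(lines):
    """Return (ip, blocked_from, blocked_until) for each block decision."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside WINDOW
    blocked_until = {}            # ip -> expiry of the current block
    decisions = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if blocked_until.get(ip, ts) > ts:
            continue              # still blocked; a packet filter would drop this
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()           # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            blocked_until[ip] = ts + BLOCK_FOR
            decisions.append((ip, ts, ts + BLOCK_FOR))
    return decisions

# Constructed sample: six fast failures from one address, two slow ones from another.
SAMPLE = [f"Nov 14 10:00:{s:02d} host sshd[1000]: Failed password for invalid user admin "
          f"from 203.0.113.5 port 4000 ssh2" for s in range(0, 12, 2)]
SAMPLE += [f"Nov 14 10:{m:02d}:00 host sshd[1001]: Failed password for root "
           f"from 198.51.100.7 port 4001 ssh2" for m in (1, 5)]
```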



More information about the openssh-unix-dev mailing list