[PATCH 0/1] *** SUBJECT HERE ***
Thomas Koeller
thomas at koeller.dyndns.org
Thu Mar 12 07:39:52 AEDT 2020
Hi,

sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.

I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If activated in
sshd_config, an external program will be invoked every time a session is
terminated without the requesting client being authenticated. The program
is passed the offending client's IP address in its environment. It could
then block the originating host, possibly after a predefined number of
such events in a certain interval, by reconfiguring the system's firewall
or similar means.

Comments welcome.

Thomas Koeller (1):
  sshd: Added authentication failure hook

 servconf.c    |  6 ++++++
 servconf.h    |  1 +
 sshd.c        | 19 +++++++++++++++++++
 sshd_config   |  3 +++
 sshd_config.5 | 11 +++++++++++
 5 files changed, 40 insertions(+)
--
2.24.1
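
The message describes a hook program that receives the client's address in its environment and blocks it after a number of failures in an interval. The sketch below is an added example, not code from the patch: the environment variable name, state file path, threshold and window are all assumptions, since the cover letter does not give them.

```python
import fcntl
import ipaddress
import json
import os
import sys
import time

ENV_VAR = "SSHD_FAILED_CLIENT"      # assumed name; the message does not state it
STATE_PATH = "/var/lib/sshd-hook/failures.json"   # assumed location
MAX_FAILURES = 5                    # assumed threshold
WINDOW = 600                        # assumed interval, in seconds

def normalise(addr):
    """Canonical text form; an IPv4-mapped IPv6 address collapses to IPv4."""
    ip = ipaddress.ip_address(addr.strip())   # ValueError on malformed input
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped if mapped is not None else ip)

def record_failure(state, addr, now, max_failures=MAX_FAILURES, window=WINDOW):
    """Add one failure for addr; True once the limit is reached in the window."""
    for key in list(state):                   # expire old events for every host
        state[key] = [t for t in state[key] if now - t < window]
        if not state[key]:
            del state[key]
    ip = normalise(addr)
    state.setdefault(ip, []).append(now)
    return len(state[ip]) >= max_failures

def main():
    addr = os.environ.get(ENV_VAR)
    if not addr:
        return 2
    os.makedirs(os.path.dirname(STATE_PATH), exist_ok=True)
    with open(STATE_PATH, "a+") as fh:        # several hooks may run at once
        fcntl.flock(fh, fcntl.LOCK_EX)        # released when the file closes
        fh.seek(0)
        raw = fh.read()
        state = json.loads(raw) if raw else {}
        hit = record_failure(state, addr, time.time())
        fh.seek(0)
        fh.truncate()
        json.dump(state, fh)
    if hit:
        print("block", normalise(addr))       # hand off to site firewall tooling
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

The state file is locked because sshd can terminate several unauthenticated sessions at the same moment, and addresses are normalised so that one host is not counted under two spellings.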