[PATCH 0/1] *** SUBJECT HERE ***

Thomas Koeller thomas at koeller.dyndns.org
Thu Mar 12 07:39:52 AEDT 2020


sifting through my system's logs, I noticed many break-in attempts by
rogue ssh clients trying long lists of common passwords. For some time
now I pondered different approaches to counter these, but could not come
up with a solution that really satisfied me.

I finally reached the conclusion that any countermeasures required
support in sshd itself, and created the attached patch. If activated in
sshd_config, an external program will be invoked every time a session is
terminated without the requesting client being authenticated. The program
is passed the offending client's IP address in its environment. It could
then block the originating host, possibly after a predefined number of
such events in a certain interval, by reconfiguring the system's firewall
or similar means.

Comments welcome.

Thomas Koeller (1):
  sshd: Added authentication failure hook

 servconf.c    |  6 ++++++
 servconf.h    |  1 +
 sshd.c        | 19 +++++++++++++++++++
 sshd_config   |  3 +++
 sshd_config.5 | 11 +++++++++++
 5 files changed, 40 insertions(+)


More information about the openssh-unix-dev mailing list