Minimize sshd log clutter/spam from unauthenticated connections
philipp_subx at redfish-solutions.com
Tue Apr 25 03:26:48 AEST 2023
Good suggestion. You could also use rate-limiting on your firewall to slow down inbound connections from the same attacker.
> On Mar 18, 2023, at 7:19 AM, Philipp Marek <philipp at marek.priv.at> wrote:
> I guess you might find fail2ban useful.
> It scans logfiles (like /var/log/sshd.log), and when it sees too many authentication failures from an IP address (or network range) it can issue commands to drop any further attempts via a firewall.
> By having it read its own logfile it's possible to have repeated offenders be cut out for longer and longer time spans.
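
A fail2ban configuration matching the setup described in the quoted message, as an added example that is not part of the original thread. It assumes fail2ban 0.11 or later with its stock `sshd` and `recidive` filters and the log path named in the quoted message; all thresholds are illustrative values.

```ini
# /etc/fail2ban/jail.local  (added example; thresholds are illustrative)

[DEFAULT]
# Never ban loopback; add your own management addresses here.
ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled  = true
filter   = sshd
# Read a plain log file rather than the systemd journal.
backend  = auto
# Log path as mentioned in the quoted message; adjust to where sshd logs.
logpath  = /var/log/sshd.log
# 5 authentication failures from one address within 10 minutes trigger a ban.
maxretry = 5
findtime = 10m
bantime  = 1h
# Each repeat ban of the same address lasts longer than the previous one,
# capped at one week.
bantime.increment = true
bantime.maxtime   = 1w

[recidive]
# Watches fail2ban's own log: an address banned 3 times within a day by any
# jail is blocked on all ports for a week.
enabled   = true
logpath   = /var/log/fail2ban.log
banaction = %(banaction_allports)s
findtime  = 1d
maxretry  = 3
bantime   = 1w
```

After reloading with `fail2ban-client reload`, `fail2ban-client status sshd` shows the currently banned addresses and failure counts.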
More information about the openssh-unix-dev