Minimize sshd log clutter/spam from unauthenticated connections

Philip Prindeville philipp_subx at redfish-solutions.com
Tue Apr 25 03:26:48 AEST 2023


Good suggestion.  You could also use rate-limiting on your firewall to slow down inbound connections from the same attacker.



> On Mar 18, 2023, at 7:19 AM, Philipp Marek <philipp at marek.priv.at> wrote:
> 
> I guess you might find fail2ban useful.
> 
> It scans logfiles (like /var/log/sshd.log), and when it sees too many authentication failures from an IP address (or network range) it can issue commands to drop any further attempts via a firewall.
> 
> By having it read its own logfile it's possible to have repeated offenders be cut out for longer and longer time spans.
> 
> https://www.fail2ban.org/wiki/index.php/Main_Page
> https://supine.com/posts/2012/08/fail2ban-monitoring-itself-recursively/



More information about the openssh-unix-dev mailing list