Minimize sshd log clutter/spam from unauthenticated connections
Philip Prindeville
philipp_subx at redfish-solutions.com
Tue Apr 25 03:26:48 AEST 2023
Good suggestion. You could also use rate-limiting on your firewall to slow down inbound connections from the same attacker.
> On Mar 18, 2023, at 7:19 AM, Philipp Marek <philipp at marek.priv.at> wrote:
>
> I guess you might find fail2ban useful.
>
> It scans logfiles (like /var/log/sshd.log), and when it sees too many authentication failures from an IP address (or network range) it can issue commands to drop any further attempts via a firewall.
>
> By having it read its own logfile it's possible to have repeated offenders be cut out for longer and longer time spans.
>
> https://www.fail2ban.org/wiki/index.php/Main_Page
> https://supine.com/posts/2012/08/fail2ban-monitoring-itself-recursively/
More information about the openssh-unix-dev
mailing list