Minimize sshd log clutter/spam from unauthenticated connections

Philipp Marek philipp at marek.priv.at
Sun Mar 19 00:19:25 AEDT 2023


I guess you might find fail2ban useful.

It scans logfiles (like /var/log/sshd.log), and when it sees too many authentication failures from an IP address (or network range) it can issue commands to drop any further attempts via a firewall.

By having it read its own logfile it's possible to have repeated offenders be cut out for longer and longer time spans.

https://www.fail2ban.org/wiki/index.php/Main_Page
https://supine.com/posts/2012/08/fail2ban-monitoring-itself-recursively/
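
The two-stage setup described in the message above, as an added example that is not part of the original post: an `sshd` jail for first offences and fail2ban's stock `recidive` jail reading fail2ban's own log. The thresholds and ban times are constructed values, and the sshd log path is the one named in the message (it differs between systems).

```ini
# /etc/fail2ban/jail.local  (constructed example; tune values to your site)

[sshd]
enabled   = true
filter    = sshd
# Path as named in the message; many systems log sshd to
# /var/log/auth.log or to the systemd journal instead.
logpath   = /var/log/sshd.log
# 5 authentication failures within 10 minutes (600 s) ...
maxretry  = 5
findtime  = 600
# ... earn a 10-minute ban on the SSH port.
bantime   = 600

[recidive]
enabled   = true
filter    = recidive
# fail2ban monitors its own log and counts the "Ban" lines
# written by other jails such as [sshd] above.
logpath   = /var/log/fail2ban.log
# 3 bans within one day (86400 s) ...
maxretry  = 3
findtime  = 86400
# ... earn a one-week ban (604800 s) on all ports.
bantime   = 604800
banaction = iptables-allports
```

After reloading, `fail2ban-client status recidive` lists the addresses currently held by the long-term jail.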


More information about the openssh-unix-dev mailing list