Minimize sshd log clutter/spam from unauthenticated connections
Philipp Marek
philipp at marek.priv.at
Sun Mar 19 00:19:25 AEDT 2023
I guess you might find fail2ban useful.
It scans logfiles (like /var/log/sshd.log), and when it sees too many authentication failures from an IP address (or network range) it can issue commands to drop any further attempts via a firewall.
By having it read its own logfile it's possible to have repeated offenders be cut out for longer and longer time spans.
https://www.fail2ban.org/wiki/index.php/Main_Page
https://supine.com/posts/2012/08/fail2ban-monitoring-itself-recursively/
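A fail2ban configuration along the lines described above, as an added example that is not part of the original post: an sshd jail plus the recidive jail that ships with fail2ban, which reads fail2ban's own log so that repeat offenders are banned for longer. The log paths, thresholds and ban durations are assumptions to adapt to the local system.

```ini
# /etc/fail2ban/jail.local
# Local overrides; the packaged jail.conf is left untouched.

[sshd]
enabled  = true
port     = ssh
# Log path as mentioned in the post; adjust to where sshd actually logs.
logpath  = /var/log/sshd.log
# Illustrative values: 5 failures within 10 minutes ban the address
# for 10 minutes.
maxretry = 5
findtime = 10m
bantime  = 10m

[recidive]
enabled   = true
# fail2ban's own log: this jail's filter matches the "Ban" entries
# written by the other jails.
logpath   = /var/log/fail2ban.log
# Illustrative values: 3 bans within one day lead to a one-week ban
# on all ports.
maxretry  = 3
findtime  = 1d
bantime   = 1w
banaction = %(banaction_allports)s
```

After reloading fail2ban, `fail2ban-client status recidive` shows which addresses the second jail has picked up. The fail2ban log must be retained for at least the recidive `findtime`, otherwise earlier bans are no longer visible to it.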
More information about the openssh-unix-dev mailing list