pavement

Block repeated illegal or failed SSH logins

From FreeBSDwiki
Revision as of 22:51, 7 June 2009 by 219.3.142.46 (Talk)
Jump to: navigation, search

Introduction

We're starting to see a rash of password guessing attacks via SSH on exposed BSD servers which are running the SSH daemon. These login attempts are coming from multiple addresses, which makes some people suspect that they're being carried out by a network of "bots" rather than a single attacker.

Limiting SSH login sessions

In your sshd_config file the following settings can also help slow down such attacks.

  • LoginGraceTime
The server disconnects after this time if the user has not successfully logged in. If the value is 0, there is no time limit. The default
Personal tools