SSH IP blocking?
Kent Borg
kentborg at borg.org
Wed Apr 9 18:48:58 UTC 2008
Keith Clark wrote:
> Is there a way to block ip addresses from attempting ssh connections? I noticed in my auth.log a few people trying to gain access over and over again and would like to stop them.
Be careful of automatically banning IP addresses, you might lock
yourself out. Be careful of permanently banning addresses, you might
lockout something your don't want to lock out.
I like the solutions that temporarily throttle bad attempts--combined
with high quality passwords that will require billions of tries to have
a good chance of getting in.
Note, sshd already limits how fast passwords can be tried, making high
quality passwords very secure. Maybe you don't need any add-on.
-kb
More information about the ubuntu-users
mailing list