Skip to main content

Shutdown ssh brute-force password attacks

More
18 years 5 months ago #11360 by MobyChien
Shutdown ssh brute-force password attacks was created by MobyChien
Whenever you opened ssh access, you know you are inviting ssh brute-force attacks. I am not allowing password authentication (only Public/private key authentication) so I am relatively safe by now, but these attacks are annoying. Is there any way (e.g. using Linux firewall rules), to automatically shutdown the attack connections?
8)
More
18 years 5 months ago #11381 by DaLight
Replied by DaLight on topic Re: Shutdown ssh brute-force password attacks
If you will be logging in from predetermined locations, you could allow external access based on IP or subnet. Alternatively, if you get this attacks quite frequently, you could also use iptables' rate limiting rules which allow you to specify how often you allow connections of a particular type.
More
18 years 5 months ago #11382 by RedRanger
Replied by RedRanger on topic Re: Shutdown ssh brute-force password attacks
Alright, if you have a cisco router, then you can set what is called an access control list (ACL). They are very useful and effective.
RedRanger

"I'd Rather You Hate Me For Everything I Am Than Love Me For Something I'm Not."

Be Awesome
More
18 years 5 months ago #11386 by christiaan
Replied by christiaan on topic Re: Shutdown ssh brute-force password attacks
Try this denyhosts.sourceforge.net/ or read this www.linux.com/article.pl?sid=05/09/15/1655234
Time to create page: 0.142 seconds