Topic: Automatically blacklist ssh break-in attempts?

[holck]

I have my host accessible for administration from external IP addresses, but as an unfortunate consequence of this I often experience ssh break-in attempts, where some external machine tries lots of different user names and password.

I would like some feature like this script (http://www.pettingers.org/code/sshblack.html), that automatically black-lists outside hosts after a number of failed login attempts. Has anyone installed something like that on an SME-server?

Jesper, Denmark

[janet]

holck

Why don'y you setup public private key access for ssh, see the Howto. That way it can be accessed from anywhere (that has the key) but is very safe & hackers will be unable to crack it. If you are roaming/travelling, you can carry the key file on a USB stick.

Alternatively you can specify the remote host IPs that are allowed to access via ssh, using db commands, see the FAQ.

[crazybob]

another option is to set the ssh port to a nonstandard port number. It makes it harder to find.

[Daniel B.]

I would like some feature like this script (http://www.pettingers.org/code/sshblack.html), that automatically black-lists outside hosts after a number of failed login attempts. Has anyone installed something like that on an SME-server?

Look at the denyhosts contrib: http://wiki.contribs.org/Denyhosts it does exactly what you want.

Regards, Daniel

[holck]

Thank you very much, Daniel, you are quite right!