[ale] 300,000 failed login attempts in 6 months!!!
Brian Pitts
brian at polibyte.com
Mon Aug 18 12:49:25 EDT 2008
Greg Freemyer wrote:
> I don't want to restrict access to private/public key authentication,
> but other than continueing to use strong passwords, is there something
> else I should be doing to slow down the onslaught.
In sshd_config you could use MaxStartups to slow down the onslaught.
Specifies the maximum number of concurrent unauthenticated con
nections to the SSH daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10. Alternatively, random
early drop can be enabled by specifying the three colon separated values
“start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse connection
attempts with a probability of “rate/100” (30%) if there are currently
“start” (10) unauthenticated connections. The probability increases
linearly and all connection attempts are refused if the number of
unauthenticated connections reaches “full” (60).
I personally use DenyHosts [0] to deal with the problem.
[0] http://denyhosts.sourceforge.net/
-Brian
More information about the Ale
mailing list