Re: [OT] SSH throttle - security

To: Donald Lee <MacPPC2%caution.icompute.com@localhost>
Subject: Re: [OT] SSH throttle - security
From: John Klos <john%ziaspace.com@localhost>
Date: Mon, 26 Jan 2009 21:52:08 +0000 (UTC)

Hi,

I have an ssh annoyance - my logs are FULL of cracking attempts.  This is
an externally visible server, so I can't simply shut off access.  They are
trying lots of random accounts, and I'm not worried that they'll get in,
but it's a pain, both because it generates huge logfiles, and also
because it burns non-trivial CPU.

Does anyone know of an option/method to "throttle" incoming SSH requests.
I would be more than happy to limit said requests to one every N seonds,
where N is in the range of 5-10 (or more?)

This doesn't throttle (which might possibly lock you and other legitimateusers out), but it does block failed attempts and attempts to log in asnonexistent users (particularly root):


http://www.csc.liv.ac.uk/~greg/sshdfilter/

I've used this on Mac OS X systems, but I'm sure it's easily adaptable toNetBSD.


John Klos

Follow-Ups:
- Re: [OT] SSH throttle - security
  - From: Donald Lee

References:
- Re: MacPPC serial ports in 4.0.1 - not quite
  - From: Izumi Tsutsui
- [OT] SSH throttle - security
  - From: Donald Lee

Prev by Date: [OT] SSH throttle - security
Next by Date: Re: [OT] SSH throttle - security
Previous by Thread: [OT] SSH throttle - security
Next by Thread: Re: [OT] SSH throttle - security
Indexes:

Home | Main Index | Thread Index | Old Index