[Techtalk] 216 ssh login attempts, what to do?

David Sumbler david at aeolia.co.uk
Wed Oct 13 16:36:07 EST 2004

On Tue, 12 Oct 2004, aec wrote:

> Recently, someone has attempted to login to my debian woody server
> 216 times.


> ...here is what I am thinking...
> If the anyone has X number of failed attempts then ip block them.

I have followed the correspondence on this with interest, and on the
strength of it I have added an AllowUsers line to my sshd_config file.

But the OP's idea of blocking any log-in attempts from an IP with,
say, three failed attempts in a short space of time seems an excellent
one, yet nobody has addressed this.

Is it really not possible to do what she suggested?  (And if it isn't,
then it should be!)

I am the only person who legitimately would want to log into my
machine.  As I haven't yet mastered the ability of being in more than
one place at a time, something like this would be excellent for me.
With root logins banned, the only AllowUser being me, and any IP
banned from making more than 3 failed attempts within, say, 6 hours, I
would feel much more secure than I do at the moment.  Each day I see
numerous repeated attempts to make illicit ssh connections to my



More information about the Techtalk mailing list