[H-GEN] Re: Blocking SSH exploits
dugb at netspace.net.au
Mon Aug 23 10:02:16 EDT 2004
>>By the way, we are thinking that it would be nice to be able to block
>>IPs that make any such attempts automatically, probably for about 10
>>minutes. Does anyone know how to do this, and would it be worthwhile trying?
The MaxStartups option in sshd_config looks interesting. Adjusting the values
should let you deny all incoming attempts after a specified number of failed
attempts. I am not sure how long this block stays in place for, I guess for the
The only problem of course is that if you are experiencing an ongoing attack
then you are also blocked from accessing the box until the attack stops.
More information about the General