Re: [OT] SSH throttle - security

To: Donald Lee <MacPPC2%caution.icompute.com@localhost>
Subject: Re: [OT] SSH throttle - security
From: Daniel Eggert <eggert%macvaerk.dtu.dk@localhost>
Date: Mon, 26 Jan 2009 14:23:51 -0800

On Jan 26, 2009, at 1:41 PM, Donald Lee wrote:

[sorry for the OT]
I have an ssh annoyance - my logs are FULL of cracking attempts.This isan externally visible server, so I can't simply shut off access.They aretrying lots of random accounts, and I'm not worried that they'll getin,
but it's a pain, both because it generates huge logfiles, and also
because it burns non-trivial CPU.
Does anyone know of an option/method to "throttle" incoming SSHrequests.I would be more than happy to limit said requests to one every Nseonds,
where N is in the range of 5-10 (or more?)

I don't see anything in the docs or on the web that will allow me to
do this.  I'm not anxious to write proxy software to do this. :-<

I figure this might be of general interest to anyone with an exposed
server.

Thanks,

-dgl-

Have a look at MaxStartups. This also allows for "random early drop".You could set it to


MaxStartups 2:50:6

With this sshd will refuse connection attempts with a probability of50% if there are currently 2 unauthenticated connections. Theprobability increases linearly and all connection attempts are refusedif the number of unauthenticated connections reaches 6.


/Daniel

References:
- Re: MacPPC serial ports in 4.0.1 - not quite
  - From: Izumi Tsutsui
- [OT] SSH throttle - security
  - From: Donald Lee

Prev by Date: Re: [OT] SSH throttle - security
Next by Date: Re: Xorg and 5.0_BETA on Powerbook G4
Previous by Thread: Re: [OT] SSH throttle - security
Next by Thread: Re: [OT] SSH throttle - security
Indexes:

Home | Main Index | Thread Index | Old Index