Block IP after x failed ssh login attempts...

Hi,

How do I block an IP address after x number of failed ssh login attempts? Any scripts handy I can just plug right in? It'd be great to be able to get an email upon such an incident as well…

thanks….

4 Replies

I haven't got anything handy for automatically blocking IPs, but if you want to be warned about invalid login attempts try installing and configuring a log monitor. I'm using Tenshi on Gentoo, but there are several others as well.

If you are worried about attacks to ssh, consider configuring it with certificates or create a "double protection" solution with port knocking. The latter way, all IPs not sending the right knocking sequence are blocked. See http://www.zeroflux.org/knock/ for a simple server & client.

I disabled the ability for root to SSH in (I can still SSH in and then SU to root if needed). I also have portsentry installed, which detects any port scans and blocks the IP via iptables.

Thanks for the tips… I am going to force myself to live without root login and just do su then… In the meantime, I will investigate Tenshi as well… Thanks!

You can also switch to using RSA keys instead of passwords. In the sshd_config file, you can use PermitRootLogin without-password, in conjunction with a /root/.ssh/authorized_keys file, to allow root access using the RSA key only. I've gone even further and only allow RSA for any connections, root or non-root.

It's not a bad idea to check the sshd and sshd_config man pages to see the available options.
