X-Recipient: archive-cygwin AT delorie DOT com X-Spam-Check-By: sourceware.org Message-ID: <47B8DA84.4030206@highlandsun.com> Date: Sun, 17 Feb 2008 17:08:20 -0800 From: Howard Chu User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9b3pre) Gecko/2008013117 SeaMonkey/2.0a1pre MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: Stop Brute Force Attack on SSH References: <47b8d665 DOT 02fd220a DOT 6f30 DOT 11eb AT mx DOT google DOT com> In-Reply-To: <47b8d665.02fd220a.6f30.11eb@mx.google.com> Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Kyle Dawson wrote: > How can I stop attacks on my ssh demon? I see thousands of attempts every > day. I have, I believe good password policy but since I have clients, not > 100% sure. Is there some config that I can set? One ip address comes in > and tries for a day or so. Can it see that it is the same ip and just > deny? Any tools that can help? I see the same thing once in a while. I've wanted an option for this as well. Sometimes I black-hole the offending IP address so I don't have to see the failures in the log files any more. In the meantime, I just disable password-based logins, and require everyone to use a public key. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/