Banning ips for some time?
mail at myunix.net
Wed Jan 26 23:39:58 PST 2005
Sandy Rutherford wrote:
>On Tue, 25 Jan 2005 you wrote:
> > .... my servers sshd reports 30 to 50 failed
> > root/operator/etc. logins a day. I would like to block the incoming ip
> > for a few days automaticly after e.g failed login requests.
> > Currently I am using ipf, but it would be no problem to use any other
> > FreeBSD firewall.
>For peace of mind, you can always use the AllowGroups, AllowUsers,
>PermitRootLogin, .... options in sshd_config to remove ssh access to
>root, uucp, operator, and other system accounts. I only permit ssh
>access to user accounts. The scripts which are making these login
>attempts are not typically going to try user accounts for obvious
>reasons. If you need off-site root access you should be using su or
>sudo bash anyway. I would recommend always turning off root access
>freebsd-questions at freebsd.org mailing list
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
Thanks for the answer. You described roughly the way I run sshd by now.
More information about the freebsd-questions