Protecting SSH from brute force attacks

Dave McCammon davemac11 at
Thu Oct 7 19:46:24 PDT 2004

--- Vulpes Velox <v.velox at> wrote:

> On Thu, 7 Oct 2004 15:15:25 -0700 (PDT)
> Luke <luked at> wrote:
> > There are several script kiddies out there hitting
> my SSH server
> > every day.  Sometimes they attempt to brute-force
> their way in
> > trying new logins every second or so for hours at
> a time.  Given
> > enough time, I fear they will eventually get in.
> > Is there anything I can do to hinder them?
> > 
> > I'd like to ban the IP after 50 failed attempts or
> something.  I'd
> > heard that each failed attempt from a source was
> supposed to make
> > the daemon respond slower each time, thus limiting
> the usefulness of
> > brute force attacks, but I'm not seeing that
> behavior.
> I forget where in /etc it is, but look into setting
> up something that
> allows a certian number of failed logins before
> locking that IP/term
> out for a few minutes.... and if it is constantly
> from the same place
> look into calling their ISP or the like.
> Or in a few cases, like I have done in a few cases,
> and a deny from
> any to any for that chunk of the net...
> man login.conf for more info :)
> _______________________________________________

Following the advice from here:

What I did was to only allow access to one machine
through my firewall for the ssh connections (ipfw
limit). 2 per source address.
And, for that one machine, I changed the sshd port to
a different number. 
I was getting the same brute force attacks but they
have dropped to nil since.

Do you Yahoo!?
Declare Yourself - Register online to vote today!

More information about the freebsd-questions mailing list