Banning ips for some time?
Sandy Rutherford
sandy at krvarr.bc.ca
Wed Jan 26 08:57:40 PST 2005
Christian,
On Tue, 25 Jan 2005 you wrote:
> .... my servers sshd reports 30 to 50 failed
> root/operator/etc. logins a day. I would like to block the incoming ip
> for a few days automaticly after e.g failed login requests.
> Currently I am using ipf, but it would be no problem to use any other
> FreeBSD firewall.
For peace of mind, you can always use the AllowGroups, AllowUsers,
PermitRootLogin, .... options in sshd_config to remove ssh access to
root, uucp, operator, and other system accounts. I only permit ssh
access to user accounts. The scripts which are making these login
attempts are not typically going to try user accounts for obvious
reasons. If you need off-site root access you should be using su or
sudo bash anyway. I would recommend always turning off root access
via ssh.
...Sandy
More information about the freebsd-questions
mailing list