Re: OpenSSH -- a way to block recurrent login failures?

For linux there is a portsentry and hostsentry package that with little 
fix can do the job

Greg Wooledge wrote:
> On Tue, Sep 21, 2004 at 10:02:22AM -0400, Victor Danilchenko wrote:
>
> > The best solution I could come up with so far would be to run OpenSSH
> > through TCPWrappers, and set up a log watcher daemon which would edit
> > /etc/hosts.deny on the fly based on the tracked number of failed logins
> > for each logged host.
>
>
> If you get OpenSSH to log every failed login attempt, in real time,
> then any number of possibilities will be opened up.  But instead of
> using hosts.deny (*barf*), I'd use a table in OpenBSD's PF rules.
> You could have a daemon (cron job, whatever) that analyzes the log file
> and adds entries to the PF table on the fly.
>
> This is very similar to how OpenBSD's greylisting (spamd) works, in
> fact.  You can see a more detailed overview here:
> http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html
>
> I would imagine that something similar could be done with iptables on
> the Linux side of the world, but I wouldn't know how.


--
Milen Minev
Istar-Link Ltd
Internet Division
+359887673824
milen@istar-link.com