This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Stop Brute Force Attack on SSH

From: Howard Chu <hyc at highlandsun dot com>
To: cygwin at cygwin dot com
Date: Sun, 17 Feb 2008 17:08:20 -0800
Subject: Re: Stop Brute Force Attack on SSH
References: <47b8d665.02fd220a.6f30.11eb@mx.google.com>

Kyle Dawson wrote:

How can I stop attacks on my ssh demon?   I see thousands of attempts every
day.  I have, I believe good password policy but since I have clients,  not
100% sure.  Is there some config that  I can set?  One ip address comes in
and tries for a day or so.  Can it see that it is the same ip and just
deny?  Any tools that can help?

I see the same thing once in a while. I've wanted an option for this as well. Sometimes I black-hole the offending IP address so I don't have to see the failures in the log files any more.

In the meantime, I just disable password-based logins, and require everyone to use a public key.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- RE: Stop Brute Force Attack on SSH
  - From: Kyle A. Dawson

References:
- Stop Brute Force Attack on SSH
  - From: Kyle Dawson

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]