This is the mail archive of the
mailing list for the Cygwin project.
Re: Stop Brute Force Attack on SSH
- From: Howard Chu <hyc at highlandsun dot com>
- To: cygwin at cygwin dot com
- Date: Sun, 17 Feb 2008 17:08:20 -0800
- Subject: Re: Stop Brute Force Attack on SSH
- References: <firstname.lastname@example.org>
Kyle Dawson wrote:
How can I stop attacks on my ssh demon? I see thousands of attempts every
day. I have, I believe good password policy but since I have clients, not
100% sure. Is there some config that I can set? One ip address comes in
and tries for a day or so. Can it see that it is the same ip and just
deny? Any tools that can help?
I see the same thing once in a while. I've wanted an option for this as well.
Sometimes I black-hole the offending IP address so I don't have to see the
failures in the log files any more.
In the meantime, I just disable password-based logins, and require everyone to
use a public key.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html