Stop Brute Force Attack on SSH

Howard Chu
Mon Feb 18 01:54:00 GMT 2008

Kyle Dawson wrote:
> How can I stop attacks on my ssh demon?   I see thousands of attempts every
> day.  I have, I believe good password policy but since I have clients,  not
> 100% sure.  Is there some config that  I can set?  One ip address comes in
> and tries for a day or so.  Can it see that it is the same ip and just
> deny?  Any tools that can help?

I see the same thing once in a while. I've wanted an option for this as well. 
Sometimes I black-hole the offending IP address so I don't have to see the 
failures in the log files any more.

In the meantime, I just disable password-based logins, and require everyone to 
use a public key.

   -- Howard Chu
   Chief Architect, Symas Corp.
   Director, Highland Sun
   Chief Architect, OpenLDAP

Unsubscribe info:
Problem reports:

More information about the Cygwin mailing list