Block repeated illegal or failed SSH logins
From FreeBSDwiki
Revision as of 06:30, 26 May 2009 by 82.77.105.233 (Talk)
Introduction
We're starting to see a rash of password guessing attacks via SSH on exposed BSD servers which are running the SSH daemon. These login attempts are coming from multiple addresses, which makes some people suspect that they're being carried out by a network of "bots" rather than a single attacker.
Limiting SSH login sessions
In your sshd_config file the following settings can also help slow down such attacks.
- LoginGraceTime
- The server disconnects after this time if the user has not successfully logged in. If the value is 0, there is no time limit. The default is 120 seconds.
- MaxStartups
- Specifies the maximum number of concurrent unauthenticated connections to the sshd daemon. Additional connections will be dropped until authentication succeeds or the LoginGraceTime expires for a connection. The default is 10. Alternatively, random early drop can be enabled by specifying the three colon separated values "start:rate:full" (e.g.,"10:30:60"). sshd will refuse connection attempts with a probability of "rate/100" (30%) if there are currently "start" (10) unauthenticated connections. The probability increases linearly and all connection attempts