8 Oct
2010
8 Oct
'10
7:41 p.m.
Max said:
I might create a blacklist of IP addresses... for
example, to filter
/var/log/auth.log into /etc/hosts.deny... (but that might grow too large)
Various programs exist to do this automatically (e.g. three failed
logins from the IP address and it gets put in hosts.deny). I use
denyhosts - it picks up one or two a day on average.
Alternative programs exist and someone will doubtless be along soon to
name the one various other people here use.
You can also move what port sshd is listening on and ban password-based
logins entirely.
Ian