Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Limit the number of erroneous logins of root from the same IP

4 views
Skip to first unread message

Luis Gonçalves

unread,
Nov 13, 2011, 10:49:46 PM11/13/11
to
Dear All

There any way to limit the number of erroneous logins of root from
the same IP? After the limit that IP can not try to login anymore.

The tries could be consecutive or during a day. After that no more
logins.

Thanks

Luis Gonçalves

Aragorn

unread,
Nov 14, 2011, 6:39:41 AM11/14/11
to
On Monday 14 November 2011 04:49, Luis Gonçalves conveyed the following
to alt.linux...
Yes, two things... :

1) Disable root login over ssh. Whoever needs root access over ssh
can make use of "/bin/su" or "/usr/bin/sudo".

2) Install sshguard (http://www.sshguard.net/), which will inspect
the logs and will automatically add a firewall rule for any host
from where consecutively failing login attempts are made.

--
= Aragorn =
(registered GNU/Linux user #223157)

Moe Trin

unread,
Nov 14, 2011, 8:57:29 PM11/14/11
to
On Mon, 14 Nov 2011, in the Usenet newsgroup alt.linux, in article
<j9qult$hmv$1...@dont-email.me>, Aragorn wrote:

>Luis Gonçalves wrote:

>> There any way to limit the number of erroneous logins of root
>> from the same IP? After the limit that IP can not try to login
>> anymore.

Please don't post the same article to more than one newsgroup. If you
must, include ALL of the newsgroups in the ONE article you post so
people don't see repeats. You already received multiple answers in
the 'alt.os.linux.redhat' news group.

>> The tries could be consecutive or during a day. After that no more
>> logins.

>Yes, two things... :
>
> 1) Disable root login over ssh. Whoever needs root access over ssh
> can make use of "/bin/su" or "/usr/bin/sudo".

Agree - root logins over the net are a major security risk that is
COMPLETELY unnecessary.

> 2) Install sshguard (http://www.sshguard.net/), which will inspect
> the logs and will automatically add a firewall rule for any host
> from where consecutively failing login attempts are made.

Not sure what advantage 'sshguard' has over 'BlockHosts', or over the
older 'fail2ban' or 'DenyHosts'. One item where it doesn't meet the
O/P's requirements is that unless it's reconfigured, it ignores attempts
more than 20 minutes apart.

Old guy
0 new messages