On Mon, 14 Nov 2011, in the Usenet newsgroup alt.linux, in article
<j9qult$hmv$
1...@dont-email.me>, Aragorn wrote:
>Luis Gonçalves wrote:
>> There any way to limit the number of erroneous logins of root
>> from the same IP? After the limit that IP can not try to login
>> anymore.
Please don't post the same article to more than one newsgroup. If you
must, include ALL of the newsgroups in the ONE article you post so
people don't see repeats. You already received multiple answers in
the 'alt.os.linux.redhat' news group.
>> The tries could be consecutive or during a day. After that no more
>> logins.
>Yes, two things... :
>
> 1) Disable root login over ssh. Whoever needs root access over ssh
> can make use of "/bin/su" or "/usr/bin/sudo".
Agree - root logins over the net are a major security risk that is
COMPLETELY unnecessary.
> 2) Install sshguard (
http://www.sshguard.net/), which will inspect
> the logs and will automatically add a firewall rule for any host
> from where consecutively failing login attempts are made.
Not sure what advantage 'sshguard' has over 'BlockHosts', or over the
older 'fail2ban' or 'DenyHosts'. One item where it doesn't meet the
O/P's requirements is that unless it's reconfigured, it ignores attempts
more than 20 minutes apart.
Old guy