SSH Server maximum number of attempts

[John Shahid]

Hi all,

I was wondering if there is a way to limit the maximum number of failed authentication attempts in an ssh server. looks like the serverAuthenticate method won’t exit unless the authentication was successful or a i/o error occurs during packet read/write. I see only three options here to limit the number of failed authentications:

1. panic in the Callbacks when the limit is reached
2. modify the server config and remove the callbacks once the limit is reached
3. patch the serverAuthenticate to support a new config parameter that specifies the maximum number of attempts.

I think the first two options are ugly. My colleague has a patch, i was just wondering what everyone think of the idea before submitting the changes.

Cheers,

JS

​

[Shawn Milochik]

How about installing fail2ban? That's its job, and it does it well.