iptables in linux

T.C. Hollingsworth tchollingsworth at gmail.com
Sat Nov 12 11:03:10 UTC 2011

On Sat, Nov 12, 2011 at 3:19 AM, Roger <arelem at bigpond.com> wrote:
> Is there a way to limit:
> -number of log in attempts to 2,
> -the duration of a log in attempt to 3 seconds or less
> -the number of times a username can be tried, prefer it set at 2 and
> then not again for 24 hours if it fails.

"NumberOfPasswordPrompts" in /etc/ssh_config takes care of at least
one of those.  See "man ssh_config" for details.

> Also is there a way to DROP ip addresses after 2 attempts and not allow
> that ip address for say 24 hours?

Take a look at fail2ban:  http://www.fail2ban.org/

It's in the repos:  "yum install fail2ban"


More information about the users mailing list