iptables in linux
Craig White
craigwhite at azapple.com
Sat Nov 12 12:38:07 UTC 2011
On Sat, 2011-11-12 at 04:03 -0700, T.C. Hollingsworth wrote:
> On Sat, Nov 12, 2011 at 3:19 AM, Roger <arelem at bigpond.com> wrote:
> > Is there a way to limit:
> > -number of log in attempts to 2,
> > -the duration of a log in attempt to 3 seconds or less
> > -the number of times a username can be tried, prefer it set at 2 and
> > then not again for 24 hours if it fails.
>
> "NumberOfPasswordPrompts" in /etc/ssh_config takes care of at least
> one of those. See "man ssh_config" for details.
>
> > Also is there a way to DROP ip addresses after 2 attempts and not allow
> > that ip address for say 24 hours?
>
> Take a look at fail2ban: http://www.fail2ban.org/
>
> It's in the repos: "yum install fail2ban"
----
or denyhosts - perhaps simpler ambitions than fail2ban but highly
effective at blocking IP addresses with consecutive logon failures.
Craig
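
An added example, not part of the messages above and not code from fail2ban or denyhosts: a simplified Python model of the policy asked about in the thread (2 failed logins, then a 24-hour DROP), run over constructed sshd log lines. The 10-minute counting window, the function names, the log path in the comment and the sample addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 2                    # threshold asked for in the thread
BAN_TIME = timedelta(hours=24)      # ban length asked for in the thread
FIND_TIME = timedelta(minutes=10)   # assumed window in which failures are counted

# sshd failure lines in syslog format (assumed source: /var/log/secure; no year field).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

# Constructed sample log lines using documentation addresses, not real traffic.
SAMPLE_LOG = """\
Nov 12 03:01:10 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Nov 12 03:01:14 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Nov 12 03:02:00 host sshd[2110]: Failed password for roger from 198.51.100.20 port 51514 ssh2
Nov 12 03:02:30 host sshd[2112]: Accepted password for roger from 198.51.100.20 port 51515 ssh2
Nov 12 03:05:00 host sshd[2120]: Failed password for root from 203.0.113.7 port 40200 ssh2
Nov 12 09:40:00 host sshd[2300]: Failed password for roger from 198.51.100.20 port 51600 ssh2
"""

def find_bans(log_text, year=2011):
    """Return {ip: (ban_start, ban_end)} for IPs reaching MAX_FAILURES within FIND_TIME."""
    recent, bans = {}, {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                    # accepted logins and unrelated lines are ignored
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and when < bans[ip][1]:
            continue                    # still banned: a DROP rule would already be in place
        hits = [t for t in recent.get(ip, []) if when - t <= FIND_TIME] + [when]
        recent[ip] = hits
        if len(hits) >= MAX_FAILURES:
            bans[ip] = (when, when + BAN_TIME)
            recent[ip] = []
    return bans

def is_banned(bans, ip, when):
    """True if ip is inside its ban window at time `when`."""
    return ip in bans and bans[ip][0] <= when < bans[ip][1]

def iptables_rules(bans):
    """Render the DROP rule a ban tool would insert for each banned address."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in sorted(bans)]

if __name__ == "__main__":
    print("\n".join(iptables_rules(find_bans(SAMPLE_LOG))))
```

The legitimate user at 198.51.100.20 is not banned because the two failures fall outside the counting window; with a threshold of 2, that window is what keeps an occasional mistyped password from locking someone out for a day.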