SSH2
Mike Klinke
mklinke at axsi.com
Wed Apr 6 04:09:28 UTC 2005
On Tuesday 05 April 2005 17:43, Chris W. Parker wrote:
> I wonder why though the firewall (iptables) doesn't automatically
> block ip addresses after say 20 failed attempts? Is this
> possible?
You can run sshd via xinetd for access to various filtering. For
example you can specify:
per_source ---
Takes an integer or "UNLIMITED" as an argument. This specifies the
maximum instances of this service per source IP address.
cps ---
Limits the rate of incoming connections. Takes two arguments.
The first argument is the number of connections per second to
handle. If the rate of incoming connections is higher than this,
the service will be temporarily disabled. The second argument is
the number of seconds to wait before re-enabling the service after
it has been disabled.
only_from ---
Limit connection to certain addresses.
and others ----
see "man xinetd.conf"
Example /etc/xinetd.d/ssh file:
service ssh
{
        disable         = no
        socket_type     = stream
        type            = UNLISTED
        port            = 22
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/sshd
        server_args     = -i -u0
        only_from       = <ip address/range>
}
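The stanza above shows the service itself but not the rate-limiting attributes the post describes. The following is an added example (not from the original post or from the xinetd project) of the same stanza with per_source, cps and instances filled in; the numeric limits, the 192.0.2.0/24 range and the logging attributes are assumptions chosen for illustration and should be tuned to the host's actual traffic:

```conf
# /etc/xinetd.d/ssh -- added example, values are assumptions
service ssh
{
        disable         = no
        socket_type     = stream
        type            = UNLISTED
        port            = 22
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/sshd
        server_args     = -i -u0

        # only accept connections from this documentation range (placeholder)
        only_from       = 192.0.2.0/24

        # at most 5 simultaneous sshd instances from any one source address
        per_source      = 5

        # at most 30 sshd instances in total for this service
        instances       = 30

        # accept at most 10 new connections per second; if that rate is
        # exceeded, stop accepting for 60 seconds before re-enabling
        cps             = 10 60

        # record the remote host for refused connections so the limits
        # can be reviewed in the authpriv log
        log_type        = SYSLOG authpriv info
        log_on_failure  += HOST
}
```

After editing the file, reload xinetd (for example `service xinetd reload` on a Red Hat system) and confirm with `netstat -tlnp` that xinetd, not a standalone sshd, is the process bound to port 22, otherwise none of these limits apply. Note that per_source and cps count connections, not failed logins, so they slow down a password-guessing source rather than blocking it outright after a fixed number of failures.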