SSH2

Mike Klinke mklinke at axsi.com
Wed Apr 6 04:09:28 UTC 2005


On Tuesday 05 April 2005 17:43, Chris W. Parker wrote:
> I wonder why though the firewall (iptables) doesn't automatically
> block ip addresses after say 20 failed attempts? Is this
> possible?


You can run sshd via xinetd for access to various filtering.  For 
example you can specify:

per_source ---

Takes an integer or "UNLIMITED" as an argument.  This specifies the 
maximum instances of this service per source IP address.

cps ---

Limits the rate of incoming connections.  Takes two arguments.
The first argument is the number of connections per second to 
handle.  If the rate of incoming connections is higher than this, 
the service will be temporarily disabled.  The second argument is 
the number of seconds to wait before re-enabling the service after 
it has been disabled.

only_from ---

Limit connection to certain addresses.

and others ----

see "man xinetd.conf"


Example /etc/xinetd.d/ssh file:

service ssh
{
        disable = no
        socket_type = stream
        type = UNLISTED
        port = 22
        protocol = tcp
        wait = no
        user = root
        server = /usr/sbin/sshd
        server_args = -i -u0
        only_from = <ip address/range> 
} 
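The original question was about noticing a source that has piled up failed attempts. As an added example (not part of the post above), this script counts failed sshd password attempts per source IP from auth-log lines and lists the sources at or above a threshold; it assumes the standard OpenSSH "Failed password for <user> from <ip> port <n> ssh2" message format, and the log lines it runs on are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. Counts failed sshd password
# attempts per source IP and reports sources at or above a threshold.
# Assumes the standard OpenSSH log format:
#   "... sshd[PID]: Failed password for <user> from <ip> port <n> ssh2"

# Constructed sample log lines (not a real capture).
SAMPLE_LOG='Apr  5 17:40:01 host sshd[1201]: Failed password for root from 192.0.2.10 port 40122 ssh2
Apr  5 17:40:03 host sshd[1203]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
Apr  5 17:40:05 host sshd[1205]: Accepted publickey for mike from 198.51.100.7 port 51000 ssh2
Apr  5 17:40:07 host sshd[1207]: Failed password for root from 203.0.113.5 port 33011 ssh2
Apr  5 17:40:09 host sshd[1209]: Failed password for root from 192.0.2.10 port 40140 ssh2'

# failed_by_source THRESHOLD
#   Reads log lines on stdin and prints "<ip> <count>" for every source
#   with at least THRESHOLD failed password attempts, highest count first.
failed_by_source() {
    threshold="$1"
    awk -v thr="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The source address is the field right after the word "from".
            for (i = 1; i <= NF; i++) {
                if ($i == "from") { fails[$(i+1)]++; break }
            }
        }
        END {
            for (ip in fails) if (fails[ip] >= thr) print ip, fails[ip]
        }' | sort -k2,2nr
}

# The thread talks about 20 attempts; the small sample uses 3.
printf '%s\n' "$SAMPLE_LOG" | failed_by_source 3
```

On a real system the same function can be fed with the sshd lines from the auth log instead of the sample.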

More information about the redhat-list mailing list