Цитата vadblm:
бан по IP после нескольких неудачных попыток »
|
я использую модуль iptables под названием hashlimit))) это для защиты от брутфорса.
Также можно сделать защиту с помощью SSHD самого же:
Код:
MaxAuthTries,MaxSessions, MaxStartups:
Specifies the maximum number of concurrent unauthenticated con-
nections to the SSH daemon. Additional connections will be
dropped until authentication succeeds or the LoginGraceTime
expires for a connection. The default is 10.
Alternatively, random early drop can be enabled by specifying the
three colon separated values ``start:rate:full'' (e.g.
"10:30:60"). sshd(8) will refuse connection attempts with a
probability of ``rate/100'' (30%) if there are currently
``start'' (10) unauthenticated connections. The probability
increases linearly and all connection attempts are refused if the
number of unauthenticated connections reaches ``full'' (60).