Friday, January 23, 2009
Blocking dictionary attacks against SSH
If you've ever looked at /etc/log/secure on your Internet-connected Linux box, you've probably been shocked at the number of logon attempts (hopefully failed attempts) from IP addresses you've never heard of. Of course, it's just some bad guy attempting a dictionary attack using common usernames and random passwords. One of the things you can do that's helpful is to use DenyHosts. It's a daemon that will create entries in /etc/hosts.deny after a pre-determined number of failed logon attempts. It's open source and available at www.denyhosts.net.