[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: is there a way to block sshd trolling?



You could use pf to block linux ssh access.

block in log quick on $EXT_IF inet proto tcp from any os "Linux" to port 22 label "Blocked Linux ssh access: "

That'll reduce it quite a lot.



John Marten wrote:

You know what i mean? Every day I get some script kiddie, or adult
trying to guess usernames or passwords.
I've installed the newest version of SSH, so i'm covered there. But I
still get a dozen or 2 of the
"sshd Invalid user somename from ###.##.##.###"
"input_userauth_request: ivalid user somename"
"Failed password for invalid user somename"
"Recieved disconnect from ###.##.##.###"
Someone told me to add a 'block in quick on $net inet proto {tcp,udp}
from ###.##.##.### to any flags S/SA'
entry in my pf.conf file. But if I had do that for every hacker my
pf.conf would be huge!
There's got to be a better way, and I'm open to suggestions.


John F. Marten III

Information Technology Specialist