Thanks to both of you.
Same behaviour on my two servers (one FreeBSD and one Debian). This is probably not a bug but normal default behaviour.
I'm afraid so. Im going to file a bug report anyway. Especially as it worked with OpenSSH 5.0, at least with a high enough LogLevel.
Which is why I use iptables. Why install another service such as fail2ban or deny hosts when iptables is perfectly capable (both of logging and blocking these attempts) ?
And yes, my iptables rules work with keys or passwords =)
Hm, sounds good. How do you manage that? Block every IP that tries to connect too often in a given timeframe? (That's the only way I found using iptables.)
It looks like it's no possible for iptables to differentiate between failed and successful attempts.
On the other hand it's not very likely that I or scripts of mine try to connect in such short intervals anyway.
Something like those two scripts?
script in /etc/network/if-down.d/
Code:
#!/bin/bash
[ "${METHOD}" != loopback ] || exit 0
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
script in /etc/network/if-up.d/
Code:
#!/bin/bash
[ "${METHOD}" != loopback ] || exit 0
/sbin/iptables -D INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
/sbin/iptables -D INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP
http://kevin.vanzonneveld.net/techbl...with_iptables/
In terms of using thousands of keys, good luck on that. You would first need to somehow duplicate my private key, then get the user name, then get the password. Nothing is impossible, but cracking my server by using thousands of keys is highly improbable.
Of course you are right, that's not very likely. It just bugged me, that I'd have no way of telling if it would indeed happen. Or at least not a very obvious way.
Bookmarks