[Freedombox-discuss] Block brute force login attacks?
anders.jackson at gmail.com
Tue Mar 18 21:05:24 UTC 2014
On 18 Mar 2014 13:46, "Petter Reinholdtsen" <pere at hungry.com> wrote:
> On all my machines, I install denyhosts with a two hour timeout
> (DAEMON_PURGE = 2h), to block those trying to brute force a ssh login.
> Should we do something similar on the Freedombox?
This can be done directly by iptables, (but not yet with iptables6 for
So I would suggest using a firewall utility instead, like ufw or shorewall.
> The default for denyhosts is to block forever, while my experience is
> that this can cause denial of service if I type the wrong ssh key
> password three times or cancel a commit over ssh, so in my view it is
> too aggressive, and a sensible timeout is needed. Most attackers give
> up after a few minutes after they are blocked. I do not know the two pam
> modules, so I do not know if they have a timeout by default.
Yes, I think that is a bit too aggressive to block for more than a couple
of hours. Half an hour to a couple of hours after three failed accesses would
be better, as you suggest. This can be set up in iptables. See ufw
> Happy hacking
> Petter Reinholdtsen
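
The policy discussed in this thread (block after three failed logins, lift the block after two hours) sketched as an added example; it is not code from the thread, from denyhosts or from FreedomBox. The class and function names are hypothetical, the log lines are constructed in OpenSSH syslog style, and the code only tracks state; it does not touch the firewall.

```python
import re
from datetime import datetime, timedelta

# OpenSSH-style failed password line; captures the timestamp and source address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample log (documentation addresses, made-up host and users).
SAMPLE = """\
Mar 18 13:40:01 box sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
Mar 18 13:40:03 box sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Mar 18 13:40:05 box sshd[812]: Accepted publickey for alice from 198.51.100.20 port 5101 ssh2
Mar 18 13:40:06 box sshd[813]: Failed password for root from 203.0.113.7 port 4024 ssh2
Mar 18 13:41:00 box sshd[814]: Failed password for alice from 198.51.100.20 port 5102 ssh2
"""

class TimedBlocklist:
    def __init__(self, threshold=3, purge=timedelta(hours=2), year=2014):
        # syslog timestamps carry no year, so it is supplied (assumption).
        self.threshold, self.purge, self.year = threshold, purge, year
        self.failures = {}  # ip -> timestamps of recent failures
        self.blocked = {}   # ip -> time the block was placed

    def _expire(self, now):
        # Lift blocks older than the purge interval and forget their history.
        for ip in [i for i, t in self.blocked.items() if now - t >= self.purge]:
            del self.blocked[ip]
            self.failures.pop(ip, None)

    def feed(self, line):
        """Process one log line; return the IP if this line triggers a block."""
        m = FAILED.match(line)
        if not m:
            return None
        now = datetime.strptime(f"{self.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        self._expire(now)
        if ip in self.blocked:
            return None
        # Failures older than the purge interval no longer count.
        recent = [t for t in self.failures.get(ip, []) if now - t < self.purge]
        self.failures[ip] = recent + [now]
        if len(self.failures[ip]) >= self.threshold:
            self.blocked[ip] = now
            return ip
        return None

    def is_blocked(self, ip, now):
        self._expire(now)
        return ip in self.blocked
```

A single mistyped password, as from 198.51.100.20 in the sample, stays below the threshold, and a blocked address is released automatically once the purge interval has passed.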