Hi,

sifting through my system's logs, I noticed many break-in attempts by rogue ssh clients trying long lists of common passwords. For some time now I pondered different approaches to counter these, but could not come up with a solution that really satisfied me. I finally reached the conclusion that any countermeasures required support in sshd itself, and created the attached patch.

If activated in sshd_config, an external program will be invoked every time a session is terminated without the requesting client being authenticated. The program is passed the offending client's IP address in its environment. It could then block the originating host, possibly after a predefined number of such events in a certain interval, by reconfiguring the system's firewall or similar means.

Comments welcome.

Thomas Koeller (1):
  sshd: Added authentication failure hook

 servconf.c    |  6 ++++++
 servconf.h    |  1 +
 sshd.c        | 19 +++++++++++++++++++
 sshd_config   |  3 +++
 sshd_config.5 | 11 +++++++++++
 5 files changed, 40 insertions(+)

-- 
2.24.1
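The policy the message above describes (block a host after a predefined number of unauthenticated session terminations within an interval), sketched as a hook program. This is an added example, not part of the original post or of the patch; the environment variable name, the state file path and the thresholds are assumptions, since the page does not give them.

```python
import fcntl
import ipaddress
import os
import sys
import time

# Assumptions, not taken from the patch: variable name, state path, thresholds.
ENV_VAR = "SSHD_AUTHFAIL_ADDR"  # hypothetical name for the client address
STATE_FILE = "/var/run/sshd-authfail.state"  # hypothetical path
MAX_FAILURES = 5
WINDOW_SECONDS = 600


def record_failure(events, addr, now, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Record one failure for addr and return True if it reached the threshold.

    events maps address -> list of timestamps and is updated in place.
    Raises ValueError if addr is not a literal IPv4/IPv6 address, so nothing
    unvalidated from the environment ever reaches firewall tooling.
    """
    ip = str(ipaddress.ip_address(addr))
    cutoff = now - window
    for key in list(events):  # expire entries that fell out of the window
        events[key] = [t for t in events[key] if t > cutoff]
        if not events[key]:
            del events[key]
    events.setdefault(ip, []).append(now)
    return len(events[ip]) >= max_failures


def main():
    addr = os.environ.get(ENV_VAR, "")
    fd = os.open(STATE_FILE, os.O_RDWR | os.O_CREAT, 0o600)
    with os.fdopen(fd, "r+") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)  # several sshd children may run the hook at once
        events = {}
        for line in fh:
            ts, _, ip = line.strip().partition(" ")
            if ip:
                events.setdefault(ip, []).append(float(ts))
        try:
            block = record_failure(events, addr, time.time())
        except ValueError:
            return 2  # missing or malformed address: leave the state untouched
        fh.seek(0)
        fh.truncate(0)
        fh.writelines(f"{t} {ip}\n" for ip, stamps in events.items() for t in stamps)
    if block:
        print(ipaddress.ip_address(addr))  # hand this to the firewall tooling in use
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The script only prints the address that crossed the threshold; how that address is blocked is left to the local firewall configuration.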