On Wed, Apr 21, 2021 at 8:57 PM Gregory Seidman <gsslist+ssh@xxxxxxxxxxxxxxxxxx> wrote:
>
> Adding this functionality to OpenSSH sounds like the wrong approach. If you
> want this I recommend running endlessh on a different port (it even
> defaults to 2222) and using your system's firewall configuration (iptables,
> pfsense, whatever) to redirect SSH traffic from whatever IP address (range)
> to the endlessh port.

Put your SSH on a different port to avoid scanning, and leave this to clutter incoming attacks on port 22? Sounds like a technology project in need of a compelling use.

> Even better, fail2ban already exists to automatically detect hostile IP
> addresses and contain them, and allows arbitrary iptables rules as the
> ban action. Instead of simply dropping packets from the hostile IP
> addresses you can trap them with endlessh.

This does seem like the cleaner approach, with a well known and robust tool.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
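
The fail2ban-plus-endlessh arrangement described in the quoted text, sketched as a custom ban action. This is an added example, not part of the original thread and not one of fail2ban's shipped actions; the file name, the chain name and the assumption that endlessh listens on port 2222 of the same host are illustrative.

```ini
# /etc/fail2ban/action.d/endlessh-redirect.conf   (hypothetical file name)
#
# Constructed example: instead of dropping packets from a banned address,
# redirect its new SSH connections to a local endlessh listener.
# Enable it from a jail, e.g. in jail.local:
#   [sshd]
#   enabled   = true
#   banaction = endlessh-redirect

[Definition]

# Create a dedicated chain in the nat table and route inbound SSH through it.
# The trailing RETURN sends every non-banned source on to the real sshd.
actionstart = iptables -t nat -N f2b-<name>
              iptables -t nat -A f2b-<name> -j RETURN
              iptables -t nat -I PREROUTING -p tcp --dport <port> -j f2b-<name>

# Remove the jump first, then flush and delete the chain.
actionstop = iptables -t nat -D PREROUTING -p tcp --dport <port> -j f2b-<name>
             iptables -t nat -F f2b-<name>
             iptables -t nat -X f2b-<name>

# Verify the jump rule is still present before each ban/unban.
actioncheck = iptables -t nat -n -L PREROUTING | grep -q 'f2b-<name>[ \t]'

# Ban: insert ahead of the RETURN so the banned source hits the tarpit port.
actionban = iptables -t nat -I f2b-<name> 1 -s <ip> -p tcp -j REDIRECT --to-ports <tarpit_port>

# Unban: delete exactly the rule that actionban inserted.
actionunban = iptables -t nat -D f2b-<name> -s <ip> -p tcp -j REDIRECT --to-ports <tarpit_port>

[Init]

# Defaults; a jail can override them. tarpit_port is an assumed parameter
# name introduced for this example (endlessh defaults to 2222).
name = sshd-tarpit
port = 22
tarpit_port = 2222
```

Rules in the nat table are consulted only for new connections, so a session that is already established when the ban lands is not moved to the tarpit. The host's INPUT policy must also accept TCP on the tarpit port, and this sketch covers IPv4 only.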