I guess you might find fail2ban useful. It scans logfiles (like /var/log/sshd.log), and when it sees too many authentication failures from an IP address (or network range) it can issue commands to drop any further attempts via a firewall.

By having it read its own logfile it's possible to have repeated offenders be cut out for longer and longer time spans.

https://www.fail2ban.org/wiki/index.php/Main_Page
https://supine.com/posts/2012/08/fail2ban-monitoring-itself-recursively/

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
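
The two-stage logic described in the message above, as an added example that is not part of the original post and is not fail2ban's own code: one pass counts SSH authentication failures per address and writes ban lines, and a second pass reads those ban lines to give repeat offenders a longer ban. The log line formats, thresholds, jail names and addresses are simplified, constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS = "%Y-%m-%d %H:%M:%S"
# Simplified, constructed line formats (real sshd and fail2ban logs carry more fields).
SSH_FAIL = re.compile(r"^(\S+ \S+) sshd\[\d+\]: Failed password for .* from (\S+) port ")
BAN_LINE = re.compile(r"^(\S+ \S+) \[sshd\] Ban (\S+) ")

def scan(lines, pattern, jail, maxretry, findtime, bantime):
    """Return one ban-log line each time an address matches `pattern`
    `maxretry` times within `findtime`."""
    recent = defaultdict(deque)   # address -> timestamps of recent matches
    banned_until = {}             # address -> end of its current ban
    bans = []
    for line in lines:
        m = pattern.match(line)
        if not m:
            continue
        when, ip = datetime.strptime(m.group(1), TS), m.group(2)
        if ip in banned_until and when < banned_until[ip]:
            continue              # the firewall would already be dropping this address
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > findtime:
            hits.popleft()        # forget matches older than the window
        if len(hits) >= maxretry:
            banned_until[ip] = when + bantime
            hits.clear()
            bans.append(f"{when.strftime(TS)} [{jail}] Ban {ip} for {bantime}")
    return bans

def sample_auth_log():
    """Constructed input: one stray failure, plus three bursts an hour apart."""
    start = datetime(2024, 5, 1, 10, 0, 0)
    lines = [f"{start.strftime(TS)} sshd[4243]: Failed password for invalid user bob "
             "from 198.51.100.7 port 50001 ssh2"]
    for burst in range(3):
        for i in range(5):
            t = start + timedelta(hours=burst, seconds=5 * i)
            lines.append(f"{t.strftime(TS)} sshd[4242]: Failed password for root "
                         "from 203.0.113.5 port 50000 ssh2")
    return lines

def run():
    first = scan(sample_auth_log(), SSH_FAIL, "sshd", 5, timedelta(minutes=10), timedelta(minutes=10))
    # Second pass reads the ban log produced by the first pass.
    second = scan(first, BAN_LINE, "recidive", 3, timedelta(days=1), timedelta(weeks=1))
    return first, second

if __name__ == "__main__":
    print("\n".join(sum(run(), [])))
```

The first pass issues three ten-minute bans for the bursting address and none for the single stray failure; the second pass turns those three bans into one week-long ban.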