Good suggestion. You could also use rate-limiting on your firewall to slow down inbound connections from the same attacker. > On Mar 18, 2023, at 7:19 AM, Philipp Marek <philipp@xxxxxxxxxxxxx> wrote: > > I guess you might find fail2ban useful. > > It scans logfiles (like /var/log/sshd.log), and when it sees too many authentication failures from an IP address (or network range) it can issue commands to drop any further attempts via a firewall. > > By having it read its own logfile it's possible to have repeated offenders be cut out for longer and longer time spans. > > https://www.fail2ban.org/wiki/index.php/Main_Page > https://supine.com/posts/2012/08/fail2ban-monitoring-itself-recursively/ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
