http://denyhosts.sf.net might be for you.

Tev

http://itefix.no/copssh

> -----Original Message-----
> From: Zembower, Kevin [mailto:kzembowe@jhuccp.org]
> Sent: 28 March 2006 16:13
> To: secureshell@securityfocus.com
> Subject: Advice on dealing with scripted SSH attacks?
>
> What's the current advice on dealing with scripts that
> repeatedly try to log onto SSH using a list of common
> usernames and 'password' for the password? I get up to 4,000
> of these a day from a single server. In searching Google on
> this, I've learned of techniques using PAM and firewall rules
> that are created dynamically in response to log-in attempts.
>
> Can someone point out a link or tell me what they think are
> the best practices for dealing with this? Sooner or later,
> one of my users is going to have the unfortunate combination
> of a common user name and a bad password.
>
> Ideally, what I'd like would be a system that exponentially
> increases the timeout period after each repeated failed login
> attempt from the same host up to a maximum of 10-20 minutes
> before resetting.
>
> Thanks for your advice.
>
> -Kevin Zembower
>
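
The escalating per-host timeout asked for in the quoted message, as an added example that is not part of the thread and is not code from DenyHosts or from either poster. Assumptions: the OpenSSH "Failed password" syslog line format, a 2-second first delay, a 20-minute ceiling, a reset after 20 quiet minutes, and the hypothetical names `backoff` and `replay`.

```python
import re
from datetime import datetime, timedelta

# sshd "Failed password" line as written to the auth log (syslog format).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

BASE = timedelta(seconds=2)   # assumed delay after the first failure
CAP = timedelta(minutes=20)   # ceiling, upper end of the 10-20 minutes asked for
QUIET = CAP                   # assumed: a host silent this long starts over

def backoff(failures):
    """Block time after the n-th consecutive failure: BASE * 2**(n-1), capped."""
    return min(BASE * 2 ** min(failures - 1, 20), CAP)

def replay(lines, year=2006):
    """Replay log lines; return {host: (failure_count, blocked_until)}."""
    state = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host = m.group(2)
        count, last, _ = state.get(host, (0, ts, ts))
        if ts - last > QUIET:
            count = 0  # quiet period elapsed: reset the schedule
        count += 1
        state[host] = (count, ts, ts + backoff(count))
    return {h: (c, until) for h, (c, _, until) in state.items()}

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = [
    "Mar 28 16:13:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2",
    "Mar 28 16:13:03 host sshd[102]: Failed password for root from 203.0.113.5 port 40002 ssh2",
    "Mar 28 16:13:04 host sshd[103]: Accepted password for kevin from 198.51.100.9 port 40003 ssh2",
    "Mar 28 16:13:09 host sshd[104]: Failed password for invalid user test from 203.0.113.5 port 40004 ssh2",
    "Mar 28 17:00:00 host sshd[105]: Failed password for invalid user guest from 203.0.113.5 port 40005 ssh2",
]

if __name__ == "__main__":
    for host, (count, until) in replay(SAMPLE).items():
        print(f"{host}: {count} failure(s), blocked until {until}")
```

The `blocked_until` value is what a dynamically created firewall rule or hosts.deny entry would use as its expiry time.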