Finally there’s an easy, automated and distributed method of stomping those annoying automated ssh attacks.

Every system admin can tell you from their sys logs that they’re getting hit hundreds or thousands of times a day. There’s no end to the number of people trying to break into your machine through ssh. Most of the time the attacker is using known system accounts and weak dictionary passwords. It’s always annoyed me to no end that ssh is “secure” as in encrypted, but boy is it targeted.

Over the last few months I’ve decided to do something about it. I first tried a script called knock that adds to ipchains, but it never did quite work for me. There were all sorts of scripts that will automatically add entries (the IP of the attacker) to hosts.deny. The one I finally chose is denyhosts.

This little script is awesome!!! It can be configured to run as a daemon. There are loads of options and it works!!! It’ll even upload the results on your box to a central server, then distribute the results out to any of the servers that want the central list for blocking.

I checked it out last night and within an hour I had it configured and running on all my servers. Even the old Fedora Core 3 still kickin. HaHa! I don’t know how long this will work, but right now I’m loving it. You know that it’s only a matter of time with dic attacks.

If you’re the admin of even one live server in the wild you owe it to yourself to check it out. The included README.txt explains all the setup params. Check this out, I can’t say enough good about it. I’m hoping tonight I’ll see a significant decrease of failed logins reported.
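The general technique behind scripts of this kind (count failed ssh logins per source address in the log, then write the repeat offenders to hosts.deny) looks like the sketch below. It is an added example, not denyhosts’ own code; the log lines are constructed, and the function names, the threshold of 3 and the allowlisted address are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd lines (documentation-range addresses), not real logs.
SAMPLE_LOG = """\
Jan  5 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 4021 ssh2
Jan  5 03:12:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Jan  5 03:12:05 host sshd[2105]: Invalid user test from 203.0.113.7
Jan  5 03:12:06 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 4023 ssh2
Jan  5 03:15:40 host sshd[2200]: Failed password for alice from 198.51.100.20 port 5100 ssh2
Jan  5 03:15:52 host sshd[2200]: Accepted password for alice from 198.51.100.20 port 5100 ssh2
Jan  5 03:20:11 host sshd[2300]: Failed password for root from 192.0.2.99 port 6000 ssh2
Jan  5 03:20:13 host sshd[2302]: Failed password for invalid user a from 198.51.100.20 port 1 ssh2 from 192.0.2.99 port 6001 ssh2
"""

# Anchored at both ends: the source address is read from the fixed tail of the
# line, so text inside the user-name field is never taken for the address.
FAILED = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: Failed password for "
                    r"(invalid user )?(.+) from (\S+) port \d+ ssh2$")

def offenders(log_text, threshold=3, allow=("198.51.100.20",)):
    """Return sorted IPs with >= threshold failed logins, minus the allowlist.

    threshold and allow are illustrative defaults (assumptions); the allowlist
    keeps an admin's own address from being locked out after a few typos.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # "Invalid user ..." and "Accepted ..." lines are not counted
        try:
            ip = str(ipaddress.ip_address(m.group(3)))
        except ValueError:
            continue  # not a literal address; never write it to hosts.deny
        hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold and ip not in allow)

def deny_lines(ips, existing=""):
    """Format tcp_wrappers entries for sshd, skipping ones already present."""
    have = {line.strip() for line in existing.splitlines()}
    return [entry for entry in (f"sshd: {ip}" for ip in ips) if entry not in have]

if __name__ == "__main__":
    print("\n".join(deny_lines(offenders(SAMPLE_LOG))))
```

The lines returned by `deny_lines` are in the `daemon: client` form that /etc/hosts.deny expects; appending them to that file is left to the caller.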

This article was last updated on: 06 Jan 2007