On my
windows boxes I eliminate brute
force attacks by having it lock out any account for 2 seconds after a
wrong
password and 15 minuets after 10 wrong passwords. But I don’t know how
to configure this on Linux?
I use denyhosts to keep the dictionary attacks to a minimum. It's a
little daemon written in Python that scans ssh's logs and looks for
dictionary attacks. When a certain IP hits a user-configurable limit
of failed login attempts, the daemon adds that IP to ssh's host.deny
file. No more attempts from that IP.
You can set it up to purge the deny list after a certain amount of time
if you like. You can configure a different threshold for 'root' vs.
any other account. (ie: a remote attempt to log in as root gets an
instant ban. I already have root logins disabled, but this extra rule
traps a lot of bots.)
When I first started this up, I had about 150 IPs on my 'banned' list
inside of an hour. The number of new bans has gone down dramatically
since then, and I'm only seeing two or three a week now.