From: Etaoin Shrdlu
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Why isn't sshd blocking repeated failed login attempts?
Date: Tue, 20 Jan 2009 22:47:05 +0100

On Tuesday 20 January 2009, 22:33, Paul Hartman wrote:
> Hi,
>
> After setting up public key authentication I changed my sshd back to
> port 22 and got the expected bombardment of connection attempts.
> However, it doesn't seem to ever stop them. I'm using sshd with this
> setting:
>
> MaxAuthTries 3
>
> in my /etc/ssh/sshd_config
>
> So, why does it allow unlimited failed login attempts? For example, as
> I write this I'm seeing this in my logs:
>
> Jan 20 14:54:38 [sshd] Invalid user ejin from 72.70.42.36
> Jan 20 14:54:39 [sshd] Invalid user core from 72.70.42.36
> [cut]

What MaxAuthTries does is just start logging the failed attempts when they
reach ( value / 2 ).

MaxAuthTries
        Specifies the maximum number of authentication attempts permitted per
        connection. Once the number of failures reaches half this value,
        additional failures are logged. The default is 6.
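
Added example, not part of the original message: MaxAuthTries counts failures per connection, so a client that reconnects is never limited by it. The Python sketch below instead counts failures per source address across connections, using the log format quoted above. The function name, threshold, window and every log line after the first two are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the log format quoted in the message: "Mon DD HH:MM:SS [sshd] ... from IP"
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \[sshd\] "
    r"(?:Invalid user \S* from|Failed \S+ for (?:invalid user )?\S+ from) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def flag_sources(lines, threshold=5, window=timedelta(minutes=10), year=2009):
    """Return {ip: peak failures inside any `window`} for sources reaching `threshold`.

    Lines must be in chronological order. The log carries no year, so one is
    supplied (assumption: the whole file falls within a single year).
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest window population seen
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# First two 72.70.42.36 lines are from the message; all others are constructed.
SAMPLE = [
    "Jan 20 09:00:01 [sshd] Invalid user test from 203.0.113.7",
    "Jan 20 11:30:12 [sshd] Invalid user admin from 203.0.113.7",
    "Jan 20 14:54:38 [sshd] Invalid user ejin from 72.70.42.36",
    "Jan 20 14:54:39 [sshd] Invalid user core from 72.70.42.36",
    "Jan 20 14:54:41 [sshd] Failed password for invalid user core from 72.70.42.36 port 41822 ssh2",
    "Jan 20 14:54:42 [sshd] Invalid user guest from 72.70.42.36",
    "Jan 20 14:54:44 [sshd] Invalid user oracle from 72.70.42.36",
    "Jan 20 14:55:10 [sshd] Accepted publickey for paul from 198.51.100.20 port 50022 ssh2",
    "Jan 20 16:02:33 [sshd] Invalid user ftp from 203.0.113.7",
]

if __name__ == "__main__":
    for ip, count in flag_sources(SAMPLE).items():
        print(f"{ip}: {count} failures within 10 minutes")
```

Each flagged address made its attempts over several short connections, which is why none of them ever hit the per-connection MaxAuthTries limit.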