Bug 965 - auto disable/block of ip address
Summary: auto disable/block of ip address
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 3.9p1
Hardware: All Linux
Importance: P2 enhancement
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-21 01:38 AEDT by Jeremiah Jahn
Modified: 2006-10-07 11:38 AEST

See Also:


Description Jeremiah Jahn 2004-12-21 01:38:26 AEDT
I would like to see the ssh daemon stop allowing attempts to connect from an ip
address after a certain number of failures. My logs tend to fill up after a
night of script kiddy hell.

1) There should be a way to turn this off/on
2) A way to get the list and re-enable/remove an ip address.
3) An attempt count setting so that after X failures autoblocking happens.

I've grown very accustomed to something similar on AS400s.  It's very handy to have.

thanx,
-jj-
Comment 1 Damien Miller 2004-12-21 09:31:11 AEDT
We won't implement reflexive blocking, it can be easily implemented by scanning
logs (i.e. not in ssh) and there are too many ways it can be turned into a
denial-of-service.

If you really want to do this, there are scripts that will parse logfiles and
add addresses found to a firewall rule.
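The log-scanning approach Comment 1 points to, as an added example that is not part of the bug report or of OpenSSH: a script that counts "Failed ... for ... from <ip>" lines per source address inside a sliding window and renders firewall rules for addresses over a threshold. It covers the reporter's three items (an on/off knob, a threshold, and an exempt list that stands in for "re-enable/remove an ip address"). The sample log, the policy values, and the iptables rule shape are assumptions made for this example; the regex is anchored to the tail of the message because the username in the line is text the client chose, so a name crafted to contain "from <ip>" must not be the place the address is read from. The denial-of-service point still stands: anything that can produce failures attributed to an address (other hosts behind a legitimate user's NAT, for instance) can get that address blocked, which is why the exempt list and a short window matter.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of syslog-format sshd lines (not a real capture). The line
# for "invalid user jj from 198.51.100.7" is a client-chosen username crafted to
# look like a second "from <ip>"; it must still count against 203.0.113.5.
SAMPLE_LOG = """\
Dec 21 01:02:03 host sshd[1001]: Failed password for root from 203.0.113.5 port 40122 ssh2
Dec 21 01:02:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Dec 21 01:02:07 host sshd[1003]: Failed password for invalid user test from 203.0.113.5 port 40138 ssh2
Dec 21 01:02:09 host sshd[1004]: Failed keyboard-interactive/pam for invalid user oracle from 203.0.113.5 port 40150 ssh2
Dec 21 01:02:11 host sshd[1005]: Failed password for invalid user jj from 198.51.100.7 from 203.0.113.5 port 40160 ssh2
Dec 21 01:03:00 host sshd[1006]: Failed password for jj from 198.51.100.7 port 5022 ssh2
Dec 21 01:03:02 host sshd[1006]: Failed password for jj from 198.51.100.7 port 5022 ssh2
Dec 21 01:03:04 host sshd[1006]: Failed password for jj from 198.51.100.7 port 5022 ssh2
Dec 21 01:03:06 host sshd[1007]: Failed password for jj from 198.51.100.7 port 5023 ssh2
Dec 21 01:03:08 host sshd[1007]: Failed password for jj from 198.51.100.7 port 5023 ssh2
Dec 21 01:03:10 host sshd[1007]: Accepted publickey for jj from 198.51.100.7 port 5024 ssh2
Dec 21 01:04:00 host sshd[1008]: Failed password for invalid user x from 192.0.2.9 port 3333 ssh2
Dec 21 01:04:02 host sshd[1009]: Failed password for invalid user y from 192.0.2.9 port 3334 ssh2
Dec 21 01:04:03 host sshd[1010]: Failed password for invalid user z from 192.0.2.9 port 3335 ssh2
Dec 21 03:30:00 host sshd[1011]: Failed password for invalid user w from 192.0.2.9 port 3336 ssh2
Dec 21 03:30:01 host sshd[1012]: Failed password for invalid user v from 192.0.2.9 port 3337 ssh2
"""

# Hypothetical policy values, one per item in the request: an on/off knob, a
# failure threshold (with a window so stale failures age out), and a list of
# addresses that are never blocked (the operator's own, in this example).
ENABLED = True
THRESHOLD = 5
WINDOW = timedelta(minutes=10)
NEVER_BLOCK = {"198.51.100.7"}

# Anchored at both ends. The username is attacker-supplied text, so the address
# is taken only from the "from <ip> port <n> ssh2" that sshd appends, and the
# non-greedy user part is forced to swallow any fake "from <ip>" in the name.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed \S+ for (?:invalid user )?.*? "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_failures(log_text):
    """Return (timestamp, ip) for every failed-auth line; other lines are skipped."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # Syslog stamps carry no year; fine for windowing within one log, but a
        # real script has to handle the year rollover.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        failures.append((ts, m.group("ip")))
    return failures


def addresses_to_block(failures, threshold=THRESHOLD, window=WINDOW,
                       never_block=NEVER_BLOCK, enabled=ENABLED):
    """Return the set of addresses with >= threshold failures inside any window."""
    if not enabled:
        return set()
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    blocked = set()
    for ts, ip in sorted(failures):
        if ip in never_block:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            blocked.add(ip)
    return blocked


def firewall_rules(blocked):
    """Render one iptables DROP rule per address; the caller decides whether to run them."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
            for ip in sorted(blocked)]


if __name__ == "__main__":
    for rule in firewall_rules(addresses_to_block(parse_failures(SAMPLE_LOG))):
        print(rule)
```

Run against the sample, only 203.0.113.5 is blocked: its fifth failure is the crafted-username line, which the end-anchored pattern still attributes to the real peer; 192.0.2.9 never reaches five inside ten minutes; 198.51.100.7 has five failures but is exempt. The rules are only printed, so a sysadmin can review what would be blocked before wiring the output into the firewall.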
Comment 2 Darren Tucker 2004-12-21 09:40:28 AEDT
I'll also add that if you really want this and your sshd is built with PAM then
you could implement this policy in a PAM module (eg hack pam_tally to take
notice of PAM_RHOST).
Comment 3 Darren Tucker 2005-01-11 18:30:49 AEDT
Incidentally, if folks running PAM really want to do this, there's now a pam_abl
module that does it: http://www.hexten.net/sw/pam_abl/
Comment 4 Darren Tucker 2006-10-07 11:38:17 AEST
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.