Auto Banning people from continually trying passwords on SSH

[supanatral]

I'm getting tons of these errors in my console:

Nov 20 22:09:04 minimac com.apple.launchd[1] (com.apple.emlog[678]): Exited with exit code: 39

After doing research, I found out that this is from people trying to login to my SSH and trying random passwords. Is there a way to ban their IP's after a few tries?

 

[ElDiabloConCaca]

Mac OS X Server version 10.4 and 10.5 have automatic "tarpitting," which basically slows down server responses to a specific IP after a number of failed login attempts. It basically slows down authentication attempts, so that any specific IP address can only try a low number of times to login per minute/hour, and if you have a strong password (at least 8 characters, alpha-numeric, upper- and lower-case, with symbols) attached to your user account, it basically ensures that it would take the hackers eons (literally -- hundreds or thousands of years) to "guess" your password.

The error message you posted does not indicate a failed ssh login -- you would specifically see logs along the lines of "failed password for user: xxx" where "xxx" is the username they tried.

Do you see any log entries along the lines of that either preceding or following that specific log message you posted? Do you have FTP access turned on as well?

 

[Kees Buijs]

If you do not require SSH access from the outside world, you can set your router (if you have any) to block SSH requests, thus preventing them from even trying.


Good luck Kees

 

[ora]

Or set it for public key encryption maybe?