Re: [Sshguard-users] Username Blacklisting

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On 05/08/2015 11:51, Laurence Perkins (OE) wrote:
> While we're discussing potential new features, I've noticed that nearly
> all attackers hit the same list of default usernames (root, pi, ubuntu,
> etc.)  It would be useful to be able to specify a list of usernames that
> result in an immediate block without waiting for the login to fail.
> (Processing the login attempt uses a not-insignificant amount of CPU on
> low-end machines like a Raspberry Pi.  Blocking the connection
> immediately would save quite a bit.)

Sounds interesting, especially with the use case you describe (running
on a Raspberry Pi). Have you taken a look at OpenSSH settings like
AllowUsers or DenyUsers? Do those incur the same CPU penalty?

This sounds useful; I'll start poking around soon.

Best,
Kevin Zheng

-- 
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090

Re: [Sshguard-users] Username Blacklisting

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] Username Blacklisting