From: Henri S. <hen...@gm...> - 2016-04-18 22:33:12
>> If you use a key, is there any advantage to blocking the port 22
>> password guessers? That is, sshguard does protect other services. I'm
>> thinking an IP that attacks ssh is likely to attack other services.
>> The hacker/bot doesn't know passwords are not used for ssh.
>
> If your sshd is configured to allow only key logins, password guessing
> attempts will show up as "preauth" disconnects. SSHGuard treats these
> messages like any other attack and blocks accordingly.

This was not the case, at least when I attempted to repeatedly connect with incorrect keys over 15 times; the connection was still open. This is why I sent the initial message.

It seems like it would be a good idea to block this kind of pre-auth disconnect. I did find some instructions (in previous message). However, I was wondering why this was not part of the standard configuration, or if there was a simple flag which needed to be set to enable blocking of these pre-auth attacks?

Thanks.