Mailing List Archive

Max connections per client?
I thought I saw a patch or feature for an sshd for blocking max
connections per client, max failed authentication attempts per client,
and/or max authentication attempts per client. Does anyone know about
that?

Or do any less popular open source SSH servers provide that? (Keep counter
of connections, attempts, failures per client?)
Re: Max connections per client? [ In reply to ]
On Thu, 2009-07-09 at 08:45 -0500, Jeremy C. Reed wrote:
> I thought I saw a patch or feature for an sshd for blocking max
> connections per client, max failed authentication attempts per client,
> and/or max authentication attempts per client. Does anyone know about
> that?
>
> Or do any less popular open source SSH servers provide that? (Keep counter
> of connections, attempts, failures per client?)

There are a number of perl scripts and whatnot that will tail your
secure.log and record failed logins and other connection information.

A number of them will also use iptables to block attacking IPs, which
is most useful. :]

You could always hack up a perl script to record that information for
you, I haven't heard of or seen any readily available solution floating
around....

HTH
~k
Re: Max connections per client? [ In reply to ]
2009/7/9 Jeremy C. Reed <reed@reedmedia.net>:
> I thought I saw a patch or feature for an sshd for blocking max
> connections per client, max failed authentication attempts per client,
> and/or max authentication attempts per client. Does anyone know about
> that?
>
> Or do any less popular open source SSH servers provide that? (Keep counter
> of connections, attempts, failures per client?)
>

Hi,

look at sshd config options. You can find them here

http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config

In particular there is this option

NumberOfPasswordPrompts
Specifies the number of password prompts before giving up. The
argument to this keyword must be an integer. The default is 3.

Bye

--
Matteo Filippetto
Re: Max connections per client? [ In reply to ]
2009/7/9 Jeremy C. Reed <reed@reedmedia.net>:
> I thought I saw a patch or feature for an sshd for blocking max
> connections per client, max failed authentication attempts per client,
> and/or max authentication attempts per client. Does anyone know about
> that?
>
> Or do any less popular open source SSH servers provide that? (Keep counter
> of connections, attempts, failures per client?)
>

Sorry,

that was information about the client...

these are sshd options...

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config

MaxAuthTries
Specifies the maximum number of authentication attempts permitted
per connection. Once the number of failures reaches half this
value, additional failures are logged. The default is 6.

MaxSessions
Specifies the maximum number of open sessions permitted per network
connection. The default is 10.

Bye
--
Matteo Filippetto
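The options Matteo quotes are limits per TCP connection, not per client
address: an attacker who opens a fresh connection for every guess is never
touched by MaxAuthTries, which is why the thread moves on to log-driven
blocking. The sshd_config fragment below is an added example, not from the
thread or from the OpenSSH project; it shows the permissive defaults next
to a tighter set, and it adds MaxStartups (a server-wide cap on
unauthenticated connections) and LoginGraceTime, which are real sshd_config
keywords that the posts above do not mention. The values are illustrative
choices, not recommendations from the thread.

```conf
# sshd_config fragment (added example, not from the thread).
# All of these count per connection or per server, never per source
# address; a scanner that reconnects for each guess stays under them.

# Permissive (the OpenSSH defaults, shown commented out): six guesses per
# connection and a two-minute window to keep an unauthenticated
# connection open.
#MaxAuthTries 6
#LoginGraceTime 120
#MaxSessions 10

# Tighter: fewer guesses per connection and a short grace period, so each
# connection an attacker opens buys less.
MaxAuthTries 3
LoginGraceTime 30
MaxSessions 10

# MaxStartups start:rate:full (a real keyword, values chosen here):
# once 10 unauthenticated connections are pending, new ones are refused
# with probability 30%, rising linearly until all are refused at 60.
# This protects the daemon from a connection flood; it is not per client.
MaxStartups 10:30:60

# If every account has a key, this removes the dictionary attack outright;
# MaxAuthTries then only bounds key offers, not password guesses.
PasswordAuthentication no
```

Reload sshd after editing (for example with `sshd -t` to syntax-check first,
then a restart through the init system); a mistake in this file locks you
out on the next connection, not the current one.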
Re: Max connections per client? [ In reply to ]
Jeremy-
SSH servers do not typically include this; however you can use
denyhosts or fail2ban to block IPs with too many failed connection
attempts. It's difficult to use anything other than IP to identify a
brute-force attacker, since they can change almost everything else
(client name, username, client auth key, etc.) and still be successful
in a dictionary attack. These days, it is also common to see
distributed ssh brute-force attacks, in which many (likely owned)
computers will each try a small number of dictionary attacks, but from
a large number of IPs.

Connection Banning:
Denyhosts: http://denyhosts.sourceforge.net/
fail2ban: http://www.fail2ban.org/wiki/index.php/OpenSSH


You also may want to take a look at port knockers, which are silent
daemons that can open a firewall only to one IP for a limited amount
of time when it receives a series of tcp/udp connection attempts or
(my favorite) in the case of fwknop, a pgp-signed packet that is
authenticating and non-replayable.

Traditional port knocking: https://help.ubuntu.com/community/PortKnocking
Single packet authorization: fwknop: http://www.cipherdyne.org/fwknop/

Regards,
Brad


On Thu, Jul 9, 2009 at 9:45 AM, Jeremy C. Reed<reed@reedmedia.net> wrote:
> I thought I saw a patch or feature for an sshd for blocking max
> connections per client, max failed authentication attempts per client,
> and/or max authentication attempts per client. Does anyone know about
> that?
>
> Or do any less popular open source SSH servers provide that? (Keep counter
> of connections, attempts, failures per client?)
>
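Both ~k's post (a script that tails secure.log and feeds iptables) and
Brad's (fail2ban/denyhosts keyed on source IP, and the distributed attacks
that defeat a per-IP threshold) describe the same detection logic. The
script below is an added example, not code from the thread, from fail2ban
or from denyhosts: it parses OpenSSH's default failure lines, keeps a
per-source counter, returns the iptables command that would block each
source past a threshold, and separately reports accounts being hit from
many distinct sources, the distributed pattern a per-IP counter misses. The
log lines are constructed for the example; the threshold and chain name
are assumptions, and nothing is executed, so the caller decides what to
run.

```python
"""Per-source failed-login counters for sshd, with an iptables block list.

Added example, not code from the thread or from fail2ban/denyhosts: a
stand-in for the "script that tails secure.log" described above. It
parses OpenSSH failure lines in the default syslog format, counts
failures per source address, and returns the iptables command that would
block each address once it crosses a threshold. It also flags accounts
attacked from many distinct sources, which a per-IP threshold alone
misses. Nothing is executed. The log lines are constructed for the example.
"""
import re
from collections import Counter, defaultdict

# Default OpenSSH failure message; "invalid user" marks unknown accounts.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_failures(lines):
    """Yield (user, source_ip) for every failed-authentication line."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def count_failures(lines):
    """Failed attempts per source IP."""
    return Counter(ip for _, ip in parse_failures(lines))


def block_commands(lines, threshold=5, chain="INPUT"):
    """iptables rules (as strings) for each source at or over the threshold.

    threshold and chain are assumptions for the example; a real deployment
    would also expire the rule after some time, as fail2ban does.
    """
    return [
        f"iptables -I {chain} -s {ip} -p tcp --dport 22 -j DROP"
        for ip, n in sorted(count_failures(lines).items())
        if n >= threshold
    ]


def distributed_targets(lines, min_sources=3):
    """Accounts attacked from at least min_sources distinct IPs.

    Each source may stay under the per-IP threshold, so this view keys on
    the target account instead and reports the attacking sources.
    """
    sources = defaultdict(set)
    for user, ip in parse_failures(lines):
        sources[user].add(ip)
    return {u: sorted(ips) for u, ips in sources.items() if len(ips) >= min_sources}


# Constructed sample: one noisy source, one distributed probe of "root",
# and a legitimate user who fails once and then logs in with a key.
SAMPLE_LOG = """\
Jul  9 08:45:10 host sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Jul  9 08:45:12 host sshd[1235]: Failed password for root from 192.0.2.10 port 51235 ssh2
Jul  9 08:45:13 host sshd[1236]: Failed password for root from 192.0.2.10 port 51236 ssh2
Jul  9 08:45:15 host sshd[1237]: Failed password for invalid user test from 192.0.2.10 port 51237 ssh2
Jul  9 08:45:16 host sshd[1238]: Failed password for root from 192.0.2.10 port 51238 ssh2
Jul  9 08:46:01 host sshd[1240]: Failed password for jreed from 198.51.100.7 port 40001 ssh2
Jul  9 08:46:05 host sshd[1241]: Accepted publickey for jreed from 198.51.100.7 port 40002 ssh2
Jul  9 08:47:00 host sshd[1250]: Failed password for root from 203.0.113.5 port 33001 ssh2
Jul  9 08:48:30 host sshd[1251]: Failed password for root from 203.0.113.6 port 33002 ssh2
Jul  9 08:49:45 host sshd[1252]: Failed password for root from 203.0.113.7 port 33003 ssh2
""".splitlines()

if __name__ == "__main__":
    for cmd in block_commands(SAMPLE_LOG):
        print(cmd)
    for user, ips in distributed_targets(SAMPLE_LOG).items():
        print(f"{user}: {len(ips)} distinct sources: {', '.join(ips)}")
```

On the sample, only 192.0.2.10 reaches the threshold and gets a rule, while
the three 203.0.113.x hosts each fail once and would never be blocked by a
per-IP counter; the per-account view still shows "root" under attack from
four sources. Any per-IP scheme also shares the well-known failure mode
that one mistyping user behind a NAT can lock out everyone behind it, so
expire blocks rather than leaving them permanent.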
Re: Max connections per client? [ In reply to ]
On Thu, 9 Jul 2009 08:45:10 -0500 (CDT)
"Jeremy C. Reed" <reed@reedmedia.net> wrote:

> I thought I saw a patch or feature for an sshd for
> blocking max connections per client, max failed
> authentication attempts per client, and/or max
> authentication attempts per client. Does anyone know
> about that?
>
> Or do any less popular open source SSH servers provide
> that? (Keep counter of connections, attempts, failures
> per client?)

OpenBSD has an option using pf to catch bruteforce
attacks. You basically specify a limit on connection
attempts on a port from one place. When someone exceeds
those attempts, it adds them to a table and denies them
further access.

Eric
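The pf mechanism Eric describes is the state-tracking options on a pass
rule together with an overload table. The pf.conf fragment below is an
added example, not Eric's configuration and not from the OpenBSD project:
the interface name, the table name <bruteforce> and the rate numbers are
choices made for the example.

```conf
# pf.conf fragment (added example, not from the thread). Interface name,
# table name and limits are assumptions.
ext_if = "em0"
table <bruteforce> persist

# Anything already in the table is dropped before any pass rule can match.
block in quick on $ext_if from <bruteforce>

# Allow SSH, but track each source address: more than 15 simultaneous
# states, or more than 5 new connections in 30 seconds, adds the source to
# <bruteforce> and tears down the states it already has (flush global).
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn 15, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

The table only grows, so entries are usually aged out from cron with
`pfctl -t bruteforce -T expire 86400` (remove entries older than a day),
and `pfctl -t bruteforce -T show` lists who is currently blocked. As with
the iptables scripts above, this keys purely on source address, so an
office behind a single NAT address is blocked as a unit, and a distributed
attack that spreads its guesses over many addresses stays under the rate.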