
SSH Remote Access

Discussion in 'Tomato Firmware' started by givemeaname, May 16, 2007.

  1. givemeaname

    givemeaname LI Guru Member

    Hi

    I use SSH to log in to my router from the inet.
    If I watch the logfiles I sometimes see bad login attempts. Is there a way to block these attempts? Sometimes there are more than 20 attempts and I'd like to block them at the 3rd wrong password.

    Any help would be appreciated.
     
  2. ifican

    ifican Network Guru Member

    I don't know of any way to block access. If you have a strong username and password you have nothing to worry about. I sometimes see 1500-2000 attempts in any given 24 hour period. But if your logs are capable enough you will notice that the username is never correct, let alone a viable attempt at a good password.

    Now let me step back for a minute: you can, depending on the device you are using, restrict all but the IPs that you want. But with just the router code there is no way to tell it to stop listening after a couple of bad attempts. At least that I am aware of.
     
  3. venk25

    venk25 Network Guru Member

    Listen on non-standard port

    Or, you could do what I'm doing - make external ssh listen port a non-standard one - something other than port 22, say 1022 :)
     
  4. givemeaname

    givemeaname LI Guru Member

  5. digitalgeek

    digitalgeek Network Guru Member

    I have a nonstandard port attached to my remote SSH so I rarely see failed attempts... coincidence: I recently set up FileZilla to assist with another thread, and saw several attempts to log on???? At one point I had an anonymous logon and saw several attempts to navigate through a Linux/Unix filesystem... lol, it was one flat folder that was seen... the best conclusion is to set non-standard ports and forward them internally to the correct ones...
     
  6. roadkill

    roadkill Super Moderator Staff Member Member

    I think the best way is to secure the SSH port to a certain IP range
    and use nonstandard port of course :grin:

    and this is the way to limit connections/time

     
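Added example, not part of any post in this thread and not the rule roadkill refers to: a shell function that counts failed SSH logins per source address and lists those at or over a threshold, the "3 wrong passwords" check the original question asks about. It assumes the router's SSH daemon is dropbear and logs in the format of the constructed sample lines below; the function names `failed_ssh_sources` and `sample_log` are hypothetical.

```shell
#!/bin/sh
# Constructed sample log lines (assumed dropbear syslog format, documentation IPs).
sample_log() {
    cat <<'EOF'
May 16 10:01:02 router authpriv.warn dropbear[412]: Bad password attempt for 'root' from 203.0.113.7:40112
May 16 10:01:05 router authpriv.warn dropbear[412]: Bad password attempt for 'root' from 203.0.113.7:40112
May 16 10:01:09 router authpriv.warn dropbear[413]: Login attempt for nonexistent user from 203.0.113.7:40120
May 16 10:01:15 router authpriv.warn dropbear[414]: Bad password attempt for 'admin' from 203.0.113.7:40131
May 16 10:07:40 router authpriv.warn dropbear[420]: Bad password attempt for 'root' from 198.51.100.23:51877
May 16 10:07:44 router authpriv.warn dropbear[420]: Login attempt for nonexistent user from 198.51.100.23:51877
May 16 10:12:00 router authpriv.notice dropbear[431]: Password auth succeeded for 'root' from 192.0.2.10:60001
EOF
}

# Read log lines on stdin and print "<ip> <failures>" for every source
# address with at least $1 failed logins (default 3), sorted by address.
failed_ssh_sources() {
    awk -v limit="${1:-3}" '
        { line = tolower($0) }
        # Count both wrong passwords and unknown usernames as failures.
        line ~ /dropbear/ && (line ~ /bad password attempt/ || line ~ /nonexistent user/) {
            src = $NF                  # last field is "ip:port"
            sub(/:[0-9]+$/, "", src)   # drop the source port (IPv4 assumed)
            count[src]++
        }
        END {
            for (ip in count)
                if (count[ip] >= limit)
                    print ip, count[ip]
        }
    ' | sort
}

# Stand-alone run over the constructed sample with the threshold of 3.
sample_log | failed_ssh_sources 3
```

On a router the same function would be fed the real log file on stdin instead of `sample_log`; the addresses it prints are candidates for the IP restriction suggested in the thread.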
