How to secure the SSH login @ my Linux box

[hyperlinux]

Assalam u Alaikum
i have problem in my linux SSH server peoplez try to login to server through ssh. How i want to block those attempts? if some buddy tries for 3rd time wrong password the linux block its IP like that. ... . .
can any budy u guyz help me out in this regard
Thnx

[lambda]

if you want to block the ip after the third attempt, you can run a script that does "tail -F /var/log/secure.log" (or whatever the log file with the ssh attempts is called), and when it matches against an ip three times in, say, a minute, it can run "iptables -A INPUT -s ip.add.re.ss -j REJECT" or something.

it might help to age out old entries from the input chain every so often, too.

i could write it for you, but you need the exercise. use your brain!

[hyperlinux]

thnx for u r quick reply i understand that u sey but can i do this in /etc/ssh/sshd.conf file and what abt. the knocking script what u suggest

[Saad Khan]

check out this link to block ssh brute forcing attacks
http://www.csc.liv.ac.uk/~greg/sshdfilter/

[lambda]

but can i do this in /etc/ssh/sshd.conf file

no, you can't.

what abt. the knocking script what u suggest

the one you write yourself. don't want to write one? use the package saad khan suggested.

you'll be a better person if you try to write one yourself, though.

[jargon]

I would also disable any root logins and turn off password authentication and use keys for authentication. that way people can try w/ passwords as much as they like and sshd will never comply since password authentication will be off. I might be making this last part up

[abakali]

best way to secure ssh disable root ssh login and define your own user name to log on the ssh server

[lambda]

do what jargon says. simply disabling logins as root will not secure your system.