vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #782 from sever-sever/sshguard

Browse Source 
sshguard: Add ssh dynamic-protection
This commit is contained in:
Robert Göhler 2022-05-31 11:49:25 +02:00 committed by GitHub
commit 336b4498b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
docs/configuration/service/ssh.rst
View File

@ -109,6 +109,36 @@ Configuration
Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance. Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance.
Dynamic-protection
==================
Protects host from brute-force attacks against
SSH. Log messages are parsed, line-by-line, for recognized patterns. If an
attack, such as several login failures within a few seconds, is detected, the
offending IP is blocked. Offenders are unblocked after a set interval.
.. cfgcmd:: set service ssh dynamic-protection
Allow ``ssh`` dynamic-protection.
.. cfgcmd:: set service ssh dynamic-protection allow-from <address | prefix>
Whitelist of addresses and networks. Always allow inbound connections from
these systems.
.. cfgcmd:: set service ssh dynamic-protection block-time <sec>
Block source IP in seconds. Subsequent blocks increase by a factor of 1.5
The default is 120.
.. cfgcmd:: set service ssh dynamic-protection detect-time <sec>
Remember source IP in seconds before reset their score. The default is 1800.
.. cfgcmd:: set service ssh dynamic-protection threshold <sec>
Block source IP when their cumulative attack score exceeds threshold. The
default is 30.
Operation Operation
========= =========