Are you concerned about brute force dictionary attacks on SSH? Given the popularity of these attacks, you should be. sshguard is a new tool to help protect against such attacks. Although it is still in beta stage, it appears to work well.

OpenSSH provides a secure alternative to clear-text logins used by first-generation network protocols like Telnet and FTP. But it's not enough simply to use SSH instead of Telnet -- you have to use it wisely. If you use weak passwords with SSH, a brute force dictionary attack will reveal your secrets as easily as if your password were sent in clear text.

sshguard protects you from brute force attacks on port 22. It watches SSH login attempts and inserts a rule in your firewall to block the IP addresses of attackers. By default, sshguard will block an attacker (insert a rule in the firewall to block the attacker's IP address) after four unsuccessful attempts within a 20-minute period. Blocked IP addresses are allowed past the firewall again after a random interval of between 7 and 10.5 minutes.

Here's how to install sshguard on a typical Linux system. Download the latest version and decompress it with the command tar xjf sshguard-0.9.tar.bz2. From there the installation instructions vary by platform, so peruse the README you'll find in the sshguard-0.9 directory, even if you're following the instructions here.

To compile sshguard, enter the command python scons.py -Q FIREWALLTYPE=iptables. Once it's compiled, install it by running as root the command python scons.py -Q FIREWALLTYPE=iptables install.

The link for this article located at Linux.com is no longer available.