Rate limit SSH public key failures

Question

I'm trying to rate limit the number of failed SSH logins on my server. It is set up not to accept any passwords, and accepts PubKeyAuth

Is there a way to rate limit the number of bad logins I get from a user? Like if I see a lot of

Feb 12 20:58:55 sshd[...]: Failed publickey for ...

Can I do something like limit that to X attempts every Y mins? I tried using PAM, but it looks like it is used only for password based auth

Similar https://serverfault.com/q/17870/984 – Zoredache Feb 13 '20 at 00:52 — Zoredache, Feb 13 '20 at 00:52

score 1 · Answer 1 · answered Feb 12 '20 at 23:57

1

Assuming UsePAM yes PAM is used even when using key-based authentication but only the account and session modules.

However, I'd suggest something like fail2ban to attain this goal.

answered Feb 12 '20 at 23:57

Mark Wagner

1 Answers1