Description of problem:
With the SSH port opened via iptables, it is possible for others to run a brute-force SSH attack.

Version-Release number of selected component (if applicable):

How reproducible:
Always on any internet-accessible machine

Steps to Reproduce:
1. Open SSH port via iptables or system-config-securitylevel
2.
3.

Actual results:
Logs reveal repeated and constant attempts to log in to SSH using common usernames and passwords.

Expected results:
Allow users in system-config-securitylevel to enable throttling on the SSH port to discourage repeated attempts. See http://la-samhna.de/library/brutessh.html#3 for more details. Ideally this functionality could be easily exposed as well as having the parameters customizable.

Additional info:
There will be a new firewall configuration tool for Fedora, soon. Mechanisms like this are on the todo list.
Assigning to system-config-firewall in devel.
Adding FutureFeature keyword to RFEs.
The ability to block hosts which repeatedly fail to login is provided by the denyhosts package. Should this RFE remain open?
denyhosts certainly does the job, but I think a GUI to enable denyhosts and to change the config in system-config-firewall or its replacement is necessary to help expose this functionality. Is there any chance that denyhosts (with fairly lax restrictions) would be considered to be enabled on default installs? I can't think of a valid use case where an IP should continually bang on a server with bad passwords.
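The repeated-failure detection behind denyhosts and the SSH throttling requested in this report, as an added Python example that is not code from the bug report, from denyhosts or from system-config-firewall: it reads sshd "Failed password" lines and flags a source only when it reaches a number of failures inside a sliding time window, so spaced-out typos from a real user expire without being flagged. The sample log lines, the 4-failures-in-60-seconds limit and the log year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd auth-log lines (syslog format, no year);
# 192.0.2.10 hammers the port, 198.51.100.7 is a user mistyping a password.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1234]: Failed password for root from 192.0.2.10 port 40001 ssh2
Mar  3 10:00:05 host sshd[1235]: Failed password for invalid user admin from 192.0.2.10 port 40002 ssh2
Mar  3 10:00:09 host sshd[1236]: Failed password for root from 192.0.2.10 port 40003 ssh2
Mar  3 10:00:14 host sshd[1237]: Failed password for invalid user test from 192.0.2.10 port 40004 ssh2
Mar  3 10:00:30 host sshd[1238]: Failed password for alice from 198.51.100.7 port 50001 ssh2
Mar  3 10:00:41 host sshd[1238]: Accepted password for alice from 198.51.100.7 port 50001 ssh2
Mar  3 10:03:30 host sshd[1239]: Failed password for alice from 198.51.100.7 port 50002 ssh2
""".splitlines()

# sshd's "Failed password" line; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(lines, year=2007):
    """Yield (timestamp, source_ip, username) for every failed login in the lines."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def offenders(lines, max_failures=4, window=timedelta(seconds=60)):
    """Map each source IP that reaches max_failures failures inside a sliding
    window to the time it first crossed the limit. Failures older than the
    window drop out, so a legitimate user with a few typos is not flagged."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, _user in parse_failures(lines):
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()
        if len(hits) >= max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} exceeded the limit at {when:%H:%M:%S}; candidate for a temporary block")
```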
Closing because there will not be big changes to system-config-firewall anymore.