Brute Force Adaptive Service not working

Post Reply
Posts: 5
Joined: Tue Sep 15, 2015 8:16 pm

Brute Force Adaptive Service not working

Post by FbxSteve » Tue Sep 15, 2015 9:29 pm

I have set brute force adaptive on SSH (5 connections / 182). Using a VPN connection (so I did not block my own IP!) I repeatedly tried to connect using "joe@" (a user that does not exist). At any rate, I have configured my server to only use PKI logins rather than username/password. The system log saw each attempt as an "invalid user," however, the IP address never appeared in the banned list. Any idea what the problem is?

Posts: 466
Joined: Wed Dec 10, 2014 5:20 pm

Re: Brute Force Adaptive Service not working

Post by hany » Thu Sep 17, 2015 11:26 am

Hello Steve,

I never used "PKI" logins so I will have a look at it asap.
Btw, does this PKI thing uses and external daemon/ports for authentication? (like kerberos does)

Adaptive firewall on Murus is a very basic way to "count" connections. Murus is not able to distinguish between failed and successfull logins but only between "handshakes" and "normal traffic" from a client to a server. "Normal traffic" is not limited, while "handshakes" are. The limits your are definining within Murus are about "handshakes". I don't know but probably the PKI thing is changing the way ssh connects to sshd.

Post Reply