Many: Failed password for root from 186.36.27.16 port 3129

ggzengel

sshlockout table is empty even if there are more then 10 login attempts.

eri--

15 is teh magic value

ggzengel

There where a lot more.
I think they connected a lot of session parallel and than they tried the passwords.

How much ssh session are possible?

eri--

Depends on how much you allow them to be.
By default 'unlimited'. But you can limit by firewall rules how many ssh sessions are allowed.

rpsmith

Seems to me the default should be something less the "unlimited"  :o

Roy…

eri--

Its your firewall not ours.
We give you failed session per host on webgui and ssh the other stuff is random choice.

I just do not want a discussion on why 5 is low and 100 is high.

rpsmith

someone picked a reasonable value for this:  "15 is the magic value"

Roy…

ggzengel

I have a little bit more than 15 tries in 90 minutes.

cat system.log | grep "from 211.143.200.26 port" | wc
    1844  29419  220331

I didn't find the option to enable automatic blocking.
I know it was working befor.

2.0-BETA4 (amd64) built on Tue Dec 7 07:38:11 UTC 2010

ggzengel

Now it will be an big security issue.

My 2nd pfsense does have this problem too.

cat system.log | grep "from 218.200.163.154 port" | wc
    2467  39118  278475

2.0-BETA4 (i386) built on Thu Dec 9 13:24:37 EST 2010

cmb

Recent changes broke it, it's being worked on.

eri--

Fixed in latest code.