From owner-freebsd-questions@FreeBSD.ORG  Tue Nov 27 23:30:20 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id AF87ACD3
 for <freebsd-questions@freebsd.org>; Tue, 27 Nov 2012 23:30:20 +0000 (UTC)
 (envelope-from Lena@lena.kiev.ua)
Received: from lena.kiev.ua (lena.kiev.ua [82.146.52.81])
 by mx1.freebsd.org (Postfix) with ESMTP id 6B5E48FC19
 for <freebsd-questions@freebsd.org>; Tue, 27 Nov 2012 23:30:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lena.kiev.ua;
 s=3; 
 h=Content-Type:Mime-Version:Message-ID:Subject:To:From:Date;
 bh=UaHz+jY6aN9uP9NUV8VUEXVh2cUSeWtJ/5bUVm2j9CY=; 
 b=VEq/Bs7YdxYR+olZsFHV/MDQqHf1SMBfFs5uYPbsGc4VQlh/cmr65JzjX+U60Gp1Hc1MdZrqq9EG8J/gJx094AtbZGuHHQh69lUeQO2maRHfp4YvZ1aQmzOxtJzY3FLcPQ9ktA8re4+DFHscfrCViPWOUG19f+RWRImmbw9mcq8=;
Received: from ip-384c.rusanovka-net.kiev.ua ([94.244.56.76]
 helo=bedside.lena.kiev.ua)
 by lena.kiev.ua with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
 (Exim 4.80 (FreeBSD)) (envelope-from <Lena@lena.kiev.ua>)
 id 1TdUbZ-0007tx-Ez
 for freebsd-questions@freebsd.org; Wed, 28 Nov 2012 01:30:19 +0200
Received: from bedside.lena.kiev.ua (localhost.lena.kiev.ua [127.0.0.1])
 by bedside.lena.kiev.ua (8.14.5/8.14.5) with ESMTP id qARNU6EU009077
 for <freebsd-questions@freebsd.org>; Wed, 28 Nov 2012 01:30:06 +0200 (EET)
 (envelope-from Lena@lena.kiev.ua)
Received: (from lena@localhost)
 by bedside.lena.kiev.ua (8.14.5/8.14.5/Submit) id qARNU69w009076
 for freebsd-questions@freebsd.org; Wed, 28 Nov 2012 01:30:06 +0200 (EET)
 (envelope-from Lena@lena.kiev.ua)
Date: Wed, 28 Nov 2012 01:30:06 +0200
From: Lena@lena.kiev.ua
To: freebsd-questions@freebsd.org
Subject: Re: denyhosts, fail2ban, or something else?
Message-ID: <20121127233006.GF5996@lena.kiev>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.3i
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2012 23:30:20 -0000

> Finally got sick of seeing tons of ssh break-in attempts in my logs.

I invoke sshd from inetd with limit 3 connections/min in /etc/inetd.conf:

ssh     stream  tcp nowait/0/3  root    /usr/sbin/sshd          sshd -i -4