From owner-freebsd-questions@FreeBSD.ORG  Tue Nov 27 22:25:09 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 68F95FE6
 for <freebsd-questions@freebsd.org>; Tue, 27 Nov 2012 22:25:09 +0000 (UTC)
 (envelope-from alexmiroslav@gmail.com)
Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com
 [209.85.214.182])
 by mx1.freebsd.org (Postfix) with ESMTP id 2B5D88FC15
 for <freebsd-questions@freebsd.org>; Tue, 27 Nov 2012 22:25:08 +0000 (UTC)
Received: by mail-ob0-f182.google.com with SMTP id 16so14768273obc.13
 for <freebsd-questions@freebsd.org>; Tue, 27 Nov 2012 14:25:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=FEP8Sn7k+yidcWCMm4Pbi8E4w0nJG0xp/La5p4x47LQ=;
 b=ShRbN2+84RtrQ+VP1PULuiZYUDB1Fi4/gX974T6jqTr85pBt6Nb2bwM4yNqmPlU1pM
 uTICM+VfRQRJE3nchd32lzsQ8nR4PgmGZxn90ZZ75paAkn6Gs/3tDdN8kFhWokIGb44Y
 TDKYiqLFPMCabj8GiefnQFfA9U4J85cQTSJZUIxYj6airhwPHmeF3rHRoini686WO48G
 CwrlexorUHedKIvHrXWwc1AzqHBxJ/j9HF6684rVkgN0qaUywC1JuoodID1FfhyhtRRn
 D38yChXDnO1CDRKqrhPy3bRC6/fts9LbRvs++DQNfyVnSuH0pi0Wmfa3iVRGi2OpXc8b
 53Bg==
MIME-Version: 1.0
Received: by 10.60.24.161 with SMTP id v1mr13879445oef.115.1354055108376; Tue,
 27 Nov 2012 14:25:08 -0800 (PST)
Received: by 10.60.4.3 with HTTP; Tue, 27 Nov 2012 14:25:08 -0800 (PST)
Date: Tue, 27 Nov 2012 17:25:08 -0500
Message-ID: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
Subject: denyhosts, fail2ban, or something else?
From: Aleksandr Miroslav <alexmiroslav@gmail.com>
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2012 22:25:09 -0000

Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
considering using denyhosts, or fail2ban. Anyone have any experience
with these?

I'm already using the AllowUsers facility of ssh to only allow specific
users in, so I'm not overly concerned about the attempts.

This is for a FreeBSD 8.x box running pf, btw.

Thanks