Date: Mon, 11 Jan 2010 14:08:43 +0000 From: David Southwell <david@vizion2000.net> To: freebsd-questions@freebsd.org Cc: Anton Shterenlikht <mexas@bristol.ac.uk> Subject: Re: denying spam hosts ssh access - good idea? Message-ID: <201001111408.43361.david@vizion2000.net> In-Reply-To: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk> References: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm thinking of denying ssh access to host from which > I get brute force ssh attacks. > > HOwever, I see in /etc/hosts.allow: > > # Wrapping sshd(8) is not normally a good idea, but if you > # need to do it, here's how > #sshd : .evil.cracker.example.com : deny > > Why is it not a good idea? > > Also, apparently in older ssh there was DenyHosts option, > but no longer in the current version. > Is there a replacement for DenyHOsts? > Or is there a good reason for such option not to be used? > > many thanks > anton > I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also use blackhole and sshguard david
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001111408.43361.david>