From owner-freebsd-questions@FreeBSD.ORG Mon Jan 11 14:08:47 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1F58F106566C for ; Mon, 11 Jan 2010 14:08:47 +0000 (UTC) (envelope-from david@vizion2000.net) Received: from dns1.vizion2000.net (dns1.vizion2000.net [62.49.197.50]) by mx1.freebsd.org (Postfix) with ESMTP id B7F548FC0A for ; Mon, 11 Jan 2010 14:08:46 +0000 (UTC) Received: by dns1.vizion2000.net (Postfix, from userid 1001) id 6A5F934D449; Mon, 11 Jan 2010 14:08:43 +0000 (GMT) From: David Southwell Organization: Voice & Vision To: freebsd-questions@freebsd.org Date: Mon, 11 Jan 2010 14:08:43 +0000 User-Agent: KMail/1.12.4 (FreeBSD/7.2-RELEASE-p3; KDE/4.3.4; amd64; ; ) References: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk> In-Reply-To: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk> MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <201001111408.43361.david@vizion2000.net> Cc: Anton Shterenlikht Subject: Re: denying spam hosts ssh access - good idea? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Jan 2010 14:08:47 -0000 > I'm thinking of denying ssh access to host from which > I get brute force ssh attacks. > > HOwever, I see in /etc/hosts.allow: > > # Wrapping sshd(8) is not normally a good idea, but if you > # need to do it, here's how > #sshd : .evil.cracker.example.com : deny > > Why is it not a good idea? > > Also, apparently in older ssh there was DenyHosts option, > but no longer in the current version. > Is there a replacement for DenyHOsts? > Or is there a good reason for such option not to be used? > > many thanks > anton > I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also use blackhole and sshguard david