Date: Mon, 11 Jan 2010 10:40:24 -0700 From: Ben Schumacher <me@benschumacher.com> To: Anton Shterenlikht <mexas@bristol.ac.uk> Cc: freebsd-questions@freebsd.org Subject: Re: denying spam hosts ssh access - good idea? Message-ID: <9859143f1001110940p3cce3a94vd5322723cbacefcc@mail.gmail.com> In-Reply-To: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk> References: <20100111140105.GI61025@mech-cluster241.men.bris.ac.uk>
On Mon, Jan 11, 2010 at 7:01 AM, Anton Shterenlikht <mexas@bristol.ac.uk> wrote:
> I'm thinking of denying ssh access to hosts from which
> I get brute force ssh attacks.
>
> However, I see in /etc/hosts.allow:
>
> # Wrapping sshd(8) is not normally a good idea, but if you
> # need to do it, here's how
> #sshd : .evil.cracker.example.com : deny
>
> Why is it not a good idea?
>
> Also, apparently in older ssh there was a DenyHosts option,
> but no longer in the current version.
> Is there a replacement for DenyHosts?
> Or is there a good reason for such an option not to be used?

Anton-

In the general theme of this thread -- not answering your question, but providing an alternate solution -- sshguard from ports works fantastically for me. It interfaces with both ipfw and pf firewalls (I use it with pf) and has a builtin timeout. I use syslog on several machines behind my firewall to forward SSH authentication failures to my FreeBSD firewall that uses PF, and it quickly identifies and blocks bruteforce attacks.

From my syslog.conf:

!sshd
auth.info @wall

The handy thing here is that it has builtin timeout rules, so if you do something silly and block yourself out temporarily, it'll eventually straighten itself out.

Cheers,
Ben
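The mechanism Ben describes (count forwarded sshd failures per source, block after a threshold, release automatically after a timeout so a self-lockout clears) as an added illustration; this is not sshguard's code, and the threshold, window, timeout and the epoch-prefixed sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed simplified line shape: "<epoch> <host> sshd[pid]: <sshd failure text>".
# Real syslog lines carry "Jan 11 10:40:24" timestamps; epoch seconds are used
# here so the example runs without date parsing.
FAIL_RE = re.compile(
    r"^(?P<ts>\d+) \S+ sshd\[\d+\]: "
    r"(?:Failed (?:password|publickey) for (?:invalid user )?\S+|Invalid user \S+)"
    r" from (?P<src>[\d.]+)"
)

class BruteForceGuard:
    """sshguard-style counter: threshold failures inside window => block."""
    def __init__(self, threshold=4, window=600, block_seconds=420):
        self.threshold, self.window, self.block_seconds = threshold, window, block_seconds
        self.failures = defaultdict(list)   # src -> timestamps of recent failures
        self.blocked = {}                   # src -> time the block expires

    def expire(self, now):
        # The builtin timeout: drop every block whose release time has passed.
        for src in [s for s, until in self.blocked.items() if until <= now]:
            del self.blocked[src]

    def feed(self, line):
        """Process one forwarded log line; return src if it triggered a block."""
        m = FAIL_RE.match(line)
        if not m:
            return None                     # not an sshd authentication failure
        now, src = int(m.group("ts")), m.group("src")
        self.expire(now)
        if src in self.blocked:
            return None
        hits = [t for t in self.failures[src] if now - t <= self.window] + [now]
        self.failures[src] = hits
        if len(hits) >= self.threshold:
            self.blocked[src] = now + self.block_seconds   # where pf would get a table entry
            self.failures[src] = []
            return src
        return None

    def is_blocked(self, src, now):
        self.expire(now)
        return src in self.blocked

def run(lines):
    guard = BruteForceGuard()
    events = [src for line in lines if (src := guard.feed(line))]
    return guard, events

# Constructed sample (TEST-NET addresses): 203.0.113.5 fails four times within
# 30 s and is blocked; 198.51.100.7 fails twice and stays unblocked.
SAMPLE = [
    "1000 wall sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2",
    "1005 wall sshd[4103]: Invalid user oracle from 203.0.113.5",
    "1012 wall sshd[4105]: Failed password for root from 203.0.113.5 port 40003 ssh2",
    "1020 wall sshd[4107]: Failed password for root from 198.51.100.7 port 50100 ssh2",
    "1030 wall sshd[4109]: Failed password for invalid user test from 203.0.113.5 port 40005 ssh2",
    "1040 wall sshd[4111]: Failed publickey for alice from 198.51.100.7 port 50102 ssh2",
]
```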