Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Nov 2012 16:25:45 -0700
From:      Josh Beard <>
To:        Aleksandr Miroslav <>
Subject:   Re: denyhosts, fail2ban, or something else?
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tue, Nov 27, 2012 at 3:25 PM, Aleksandr Miroslav

> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
> This is for a FreeBSD 8.x box running pf, btw.
> Thanks

I've been using fail2ban (security/py-fail2ban) for a few years on my
FreeBSD and Linux systems and can't complain.  I like that I can easily
write a regex for any arbitrary log file and perform any action I want.  By
default, the port will install both ipfw and pf "actions."

I can't give an honest opinion about DenyHosts or SSHGuard, having never
used them.  Fail2Ban, however, isn't specific to a service or action -
simply a regex matches a log file and performs an action.


Want to link to this message? Use this URL: <>