Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Nov 2012 18:46:17 -0600 (CST)
From:      Robert Bonomi <>
Subject:   Re: denyhosts, fail2ban, or something else?
Message-ID:  <>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> From  Tue Nov 27 16:26:46 2012
> Date: Tue, 27 Nov 2012 17:25:08 -0500
> Subject: denyhosts, fail2ban, or something else?
> From: Aleksandr Miroslav <>
> To:
> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.

The single most effective method of reducng such log 'noise' is to run sshd
on a non-standard port.  Does NOT provide any added security; DOES reduce
the noise.  virtually _100%_effective_ at noise reduction.

fail2ban is painlesss to install/configure.  Helps with repeat stuff from
he same source.  Not much help with 'distributed' sources.  I've used it,
found "non-standard port" to be 'good enough for me'.

Want to link to this message? Use this URL: <>