Date: Tue, 27 Nov 2012 18:46:17 -0600 (CST) From: Robert Bonomi <bonomi@mail.r-bonomi.com> To: alexmiroslav@gmail.com, freebsd-questions@freebsd.org Subject: Re: denyhosts, fail2ban, or something else? Message-ID: <201211280046.qAS0kHYK005858@mail.r-bonomi.com> In-Reply-To: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> From owner-freebsd-questions@freebsd.org Tue Nov 27 16:26:46 2012 > Date: Tue, 27 Nov 2012 17:25:08 -0500 > Subject: denyhosts, fail2ban, or something else? > From: Aleksandr Miroslav <alexmiroslav@gmail.com> > To: freebsd-questions@freebsd.org > > Finally got sick of seeing tons of ssh break-in attempts in my logs. Am > considering using denyhosts, or fail2ban. Anyone have any experience > with these? > > I'm already using the AllowUsers facility of ssh to only allow specific > users in, so I'm not overly concerned about the attempts. The single most effective method of reducng such log 'noise' is to run sshd on a non-standard port. Does NOT provide any added security; DOES reduce the noise. virtually _100%_effective_ at noise reduction. fail2ban is painlesss to install/configure. Helps with repeat stuff from he same source. Not much help with 'distributed' sources. I've used it, found "non-standard port" to be 'good enough for me'.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211280046.qAS0kHYK005858>