Date: Sat, 20 Jun 2015 13:46:06 +0000 (UTC) From: Jonesy <SPAM_TRAP_gmane@jonz.net> To: freebsd-questions@freebsd.org Subject: Re: denyhosts/pfctl to block repeated logins? Message-ID: <slrnmoarla.9mn.SPAM_TRAP_gmane@vps.jonz.net> References: <99DC5CD3-1D40-4A6B-B553-DA2619E942EF@vin-dit.org> <20150620115544.GA77489@ozzmosis.com> <1434803538.13005.19.camel@michaeleichorn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 20 Jun 2015 08:32:18 -0400, Michael B. Eichorn wrote: > On Sat, 2015-06-20 at 21:55 +1000, andrew clarke wrote: >> On Sat 2015-06-20 07:34:50 UTC-0400, John Holland wrote: >> >> > What is the best tool to use to block repeated login attempts from >> > unauthorized hosts? And for deny hosts, how you unblock someone who >> > is legitimate? >> >> "Best tool" is difficult to answer since it depends on your exact >> requirements. >> >> Also once an admin finds an IP blocker that works for them, they may >> tend to stick with it rather than try all the alternatives. >> >> For blocking unsuccessful ssh logins, sshguard-ipfw works for me. >> >> http://www.sshguard.net/docs/faqs/ > > I will second sshguard as an excellent automated blocker. But since the > OP mentions pfctl in the subject line, they probably want sshguard-pf. > There is also a no-firewall version for running in jails. +2 :-) After adding sshguard I still was annoyed by all the attempts -- even tho' they were successfully blocked. Next I moved my ssh port on my VPS box and _that_ eliminated 99% of the attempts. I found a lot of chatter on the interweb claiming that changing the ssh port was mostly ineffective. But, for me it made a BIG difference. Of course, if you have a lot of users on the box, it would be a pain to instruct all of them on using other than the default port. hth, Jonesy -- Marvin L Jones | Marvin | W3DHJ | linux 38.238N 104.547W | @ jonz.net | Jonesy | OS/2 * Killfiling google & XXXXbanter.com: jonz.net/ng.htm
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?slrnmoarla.9mn.SPAM_TRAP_gmane>