Date: Sat, 20 Jun 2015 12:11:04 -0400
From: John Holland <jholland@vin-dit.org>
To: "Michael B. Eichorn" <ike@michaeleichorn.com>
Cc: andrew clarke <mail@ozzmosis.com>, freebsd-questions@freebsd.org
Subject: Re: denyhosts/pfctl to block repeated logins?
Message-ID: <509516A2-09F5-42C1-8441-492A8B938A8D@vin-dit.org>
In-Reply-To: <1434803538.13005.19.camel@michaeleichorn.com>
References: <99DC5CD3-1D40-4A6B-B553-DA2619E942EF@vin-dit.org> <20150620115544.GA77489@ozzmosis.com> <1434803538.13005.19.camel@michaeleichorn.com>

Thanks for all this information. I had used deny hosts before on Linux. I tried using something involving pf rules and a shell script monitoring auth.log. This was not working well. At the moment I’ve got denyhosts working and it seems OK but I may switch to sshguard-pf based on your recommendation.

John

> On Jun 20, 2015, at 8:32 AM, Michael B. Eichorn <ike@michaeleichorn.com> wrote:
>
> On Sat, 2015-06-20 at 21:55 +1000, andrew clarke wrote:
>> On Sat 2015-06-20 07:34:50 UTC-0400, John Holland (jholland@vin-dit.org) wrote:
>>
>>> What is the best tool to use to block repeated login attempts from
>>> unauthorized hosts? And for deny hosts, how you unblock someone who
>>> is legitimate?
>>
>> "Best tool" is difficult to answer since it depends on your exact
>> requirements.
>>
>> Also once an admin finds an IP blocker that works for them, they may
>> tend to stick with it rather than try all the alternatives.
>>
>> For blocking unsuccessful ssh logins, sshguard-ipfw works for me.
>>
>> http://www.sshguard.net/docs/faqs/
>>
>
> I will second sshguard as an excellent automated blocker. But since the
> OP mentions pfctl in the subject line, they probably want sshguard-pf.
> There is also a no-firewall version for running in jails.
>
> I prefer sshguard as it is a daemon like C program whereas denyhosts is a
> python script. So I get a few less dependencies and a bit more speed.
>
> SSHguard can handle more than just ssh logins, but sendmail, dovecot, and
> other servers as well.
>
> Unblocking no matter what you are using best consists of 2 steps:
> 1) Remove the blocked address from the firewall table, hosts.deny, etc.
> 2) If possible whitelist the hostname(s)/address(es)/subnet(s)
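
The two unblocking steps quoted at the end of this message, sketched for the pf case as an added example (not code from the thread or from the sshguard project). The table name `sshguard`, the whitelist path and the function names are assumptions; adjust them to match your own pf.conf and blocker configuration.

```sh
#!/bin/sh
# Added example: the two unblocking steps for a pf-based blocker.
# Assumptions: pf table "sshguard" and this whitelist path; override via env.
PF_TABLE="${PF_TABLE:-sshguard}"
WHITELIST="${WHITELIST:-/usr/local/etc/sshguard.whitelist}"
PFCTL="${PFCTL:-pfctl}"

# Accept only a dotted-quad IPv4 address with an optional /prefix, so that
# nothing else can reach the pfctl command line or the whitelist file.
is_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    case $1 in */*) [ "${1#*/}" -le 32 ] || return 1 ;; esac
    _addr=${1%/*}
    _ifs=$IFS; IFS=.
    set -- $_addr            # split the address into its four octets
    IFS=$_ifs
    for _o in "$@"; do [ "$_o" -le 255 ] || return 1; done
    return 0
}

unblock() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "refusing '$ip': not an IPv4 address or subnet" >&2
        return 2
    fi
    # Step 1: remove the address from the firewall table (needs root).
    $PFCTL -t "$PF_TABLE" -T delete "$ip" || return 1
    # Step 2: whitelist it, once, so the blocker does not re-add it.
    grep -qxF -- "$ip" "$WHITELIST" 2>/dev/null ||
        printf '%s\n' "$ip" >> "$WHITELIST"
}

# Usage: sh unblock.sh 192.0.2.10 198.51.100.0/24
for arg in "$@"; do unblock "$arg"; done
```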