denying spam hosts ssh access - good idea?
Kaya Saman
SamanKaya at netscape.net
Mon Jan 11 14:14:39 UTC 2010
David Southwell wrote:
>> I'm thinking of denying ssh access to host from which
>> I get brute force ssh attacks.
>>
>> HOwever, I see in /etc/hosts.allow:
>>
>> # Wrapping sshd(8) is not normally a good idea, but if you
>> # need to do it, here's how
>> #sshd : .evil.cracker.example.com : deny
>>
>> Why is it not a good idea?
>>
>> Also, apparently in older ssh there was DenyHosts option,
>> but no longer in the current version.
>> Is there a replacement for DenyHOsts?
>> Or is there a good reason for such option not to be used?
>>
>> many thanks
>> anton
>>
>>
> I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also
> use blackhole and sshguard
>
> david
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
Take a look at fail2ban:
http://www.fail2ban.org/
This hooks in IPtables and really does a nice job of preventing DoS
attacks from not just SSH but many other ports and protocols too.
Regards,
Kaya
More information about the freebsd-questions
mailing list