limit number of ssh connections
James Strother
jstrother9109 at gmail.com
Mon Sep 19 19:28:59 UTC 2011
Does anyone know a good way of limiting the number of ssh attempts
from a single IP address?
I found the following website, which describes a variety of approaches:
http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
But I am honestly not really happy with any of them. Continuously
polling log files for regex hits seems...well crude. Just to give you
an idea of what I mean, here were some of the issues I had. The
sshd-scan.sh script allows IPs to be reinstated, but the timing is
dependent on how frequently you rotate logs. sshguard has a pretty
website, but I can't actually find much useful documentation on how to
configure it. fail2ban looks like it might work with sufficient work,
but the defaults are terrible. By default, every time an IP is
reinstated, all IPs are reinstated. Not to mention, at present I
can't seem to get it to trigger any hits.
I suppose I could keep shopping, but the truth is I just think polling
log files is the wrong way to solve the problem. Anything based on
this approach is going to have a long latency and be highly dependent
on the unspecified and unstable formatting of log files (see
http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
and the troubles an exclamation point can cause).
I would much much rather do something like this:
http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
Does anyone know a way to do something similar with ipfw?
Thanks in advance,
Jim
More information about the freebsd-questions
mailing list