limit number of ssh connections
Григорьев Александр
mr.festin at yandex.ru
Mon Sep 19 19:44:13 UTC 2011
If your target is to protect a FreeBSD box from password brute-forcing from the Internet, maybe security/knockd will help you?
19.09.2011, 23:05, "James Strother" <jstrother9109 at gmail.com>:
> Does anyone know a good way of limiting the number of ssh attempts
> from a single IP address?
>
> I found the following website, which describes a variety of approaches:
>
> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
>
> But I am honestly not really happy with any of them. Continuously
> polling log files for regex hits seems...well crude. Just to give you
> an idea of what I mean, here were some of the issues I had. The
> sshd-scan.sh script allows IPs to be reinstated, but the timing is
> dependent on how frequently you rotate logs. sshguard has a pretty
> website, but I can't actually find much useful documentation on how to
> configure it. fail2ban looks like it might work with sufficient work,
> but the defaults are terrible. By default, every time an IP is
> reinstated, all IPs are reinstated. Not to mention, at present I
> can't seem to get it to trigger any hits.
>
> I suppose I could keep shopping, but the truth is I just think polling
> log files is the wrong way to solve the problem. Anything based on
> this approach is going to have a long latency and be highly dependent
> on the unspecified and unstable formatting of log files (see
> http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
> and the troubles an exclamation point can cause).
>
> I would much much rather do something like this:
>
> http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
>
> Does anyone know a way to do something similar with ipfw?
>
> Thanks in advance,
> Jim
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"