denyhosts, fail2ban, or something else?
Robert Bonomi
bonomi at mail.r-bonomi.com
Wed Nov 28 00:46:46 UTC 2012
> From owner-freebsd-questions at freebsd.org Tue Nov 27 16:26:46 2012
> Date: Tue, 27 Nov 2012 17:25:08 -0500
> Subject: denyhosts, fail2ban, or something else?
> From: Aleksandr Miroslav <alexmiroslav at gmail.com>
> To: freebsd-questions at freebsd.org
>
> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
The single most effective method of reducng such log 'noise' is to run sshd
on a non-standard port. Does NOT provide any added security; DOES reduce
the noise. virtually _100%_effective_ at noise reduction.
fail2ban is painlesss to install/configure. Helps with repeat stuff from
he same source. Not much help with 'distributed' sources. I've used it,
found "non-standard port" to be 'good enough for me'.
More information about the freebsd-questions
mailing list