How to Stop Bruit Force ssh Attempts?

Chris Maness chris at
Wed Apr 12 04:13:14 UTC 2006

Jonathan Franks wrote:

> On Mar 18, 2006, at 12:39 PM, Chris Maness wrote:
>> In my auth log I see alot of bruit force attempts to login via  ssh.  
>> Is there a way I can have the box automatically kill any tcp/ ip 
>> connectivity to hosts that try and fail a given number of  times?  Is 
>> there a port or something that I can install to give  this kind of 
>> protection.  I'm still kind of a FreeBSD newbie.
> If you are using PF, you can use source tracking to drop the  
> offenders in to a table... perhaps after a certain number of attempts  
> in a given time (say, 5 in a minute). Once you have the table you're  
> in business... you can block based on it... and then set up a cron  
> job to copy the table to disk every so often (perhaps once every two  
> minutes). It works very well for me, YMMV.
> If you don't want to block permanently, you could use cron to flush  
> the table every so often too... I don't bother though.
> -Jonathan

I use a port called DenyHost.  It adds an entry to hosts.allow that 
denies access.

More information about the freebsd-questions mailing list