sshd break-in attempt

Michael bsdquestions at
Wed Jan 3 06:06:53 PST 2007

Per olof Ljungmark wrote:
> Nathan Vidican wrote:
>> We keep getting attempts from what look like a username/password 
>> scanner utility to login to our servers externally via sshd. 
>> Thankfully, we're not ignorant enough to leave common account names 
>> open, however it is annoying to say the least. We're getting things 
>> like this:
>> Jan  1 09:07:34 fw sshd[66547]: Invalid user staff from
>> Jan  1 09:07:35 fw sshd[66549]: Invalid user sales from
>> Jan  1 09:07:36 fw sshd[66551]: Invalid user recruit from
>> Jan  1 09:07:37 fw sshd[66553]: Invalid user alias from
>> Jan  1 09:07:38 fw sshd[66555]: Invalid user office from
>> Jan  1 09:07:38 fw sshd[66557]: Invalid user samba from
>> Jan  1 09:07:39 fw sshd[66559]: Invalid user tomcat from
>> Jan  1 09:07:40 fw sshd[66561]: Invalid user webadmin from
>> Jan  1 09:07:41 fw sshd[66563]: Invalid user spam from
>> Jan  1 09:07:42 fw sshd[66565]: Invalid user virus from
>> Jan  1 09:07:43 fw sshd[66567]: Invalid user cyrus from
>> Jan  1 09:07:43 fw sshd[66569]: Invalid user staff from
>> Jan  1 09:07:44 fw sshd[66571]: Invalid user oracle from
>> In our 'periodic daily' report/email, (only the list goes on for 
>> hundreds of attempts). Anyhow, long story short; is there not an easy 
>> way to make sshd block or deny hosts temporarily if X number of 
>> invalid login attempts are made within a minute's time? Must I use an 
>> external wrapper to accomplish this, or can it be done with options 
>> to sshd on its own?
> There are several ways to block the attacks, one pointed out by first 
> respondent, we use Denyhosts and sshblock here.
> Google should point you several others.
As I have mentioned before here on this list, we use Blockhosts which 
has been extremely effective in blocking these after X number of attempts.

You can find it here:

Give it a go, I think you'll be very happy with the results.
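
The check asked about in the quoted question (X invalid logins from one host within a minute), as an added example that is not part of the original thread and is not code from DenyHosts, sshblock or Blockhosts. The source addresses are constructed documentation-range values, and `find_offenders` with its thresholds is a hypothetical helper.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: same syslog shape as the quoted report, with
# documentation-range addresses filled in (the archive copy has none).
SAMPLE = """\
Jan  1 09:07:34 fw sshd[66547]: Invalid user staff from 203.0.113.45
Jan  1 09:07:35 fw sshd[66549]: Invalid user sales from 203.0.113.45
Jan  1 09:07:36 fw sshd[66551]: Invalid user recruit from 203.0.113.45
Jan  1 09:07:37 fw sshd[66553]: Invalid user alias from 203.0.113.45
Jan  1 09:07:38 fw sshd[66555]: Invalid user office from 203.0.113.45
Jan  1 09:08:10 fw sshd[66601]: Invalid user bob from 198.51.100.7
Jan  1 09:12:40 fw sshd[66702]: Invalid user bob from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Invalid user (?P<user>\S+) from (?P<ip>\S+)"
)

def find_offenders(lines, max_attempts=5, window_seconds=60, year=2007):
    """Map each source IP to the time it reached max_attempts
    invalid-user failures within window_seconds."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            # Only well-formed addresses may reach a firewall table.
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= max_attempts:
            offenders.setdefault(ip, ts)
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE.splitlines()).items():
        print(f"{ip} crossed the threshold at {when:%b %d %H:%M:%S}")
```

The returned addresses are what a blocking tool would then place in a temporary firewall or hosts.deny entry; expiry of those entries is left out here.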

