Auto blacklist ssh connections ...

Greg Larkin glarkin at FreeBSD.org
Wed Sep 17 23:29:41 UTC 2008


Marc G. Fournier wrote:
> 
> Does anyone know of a utility that I can use with sshd to auto-block by IP if 
> there are more than N failed attempts in a row?
> 
> ie:
> 
> # grep "Invalid user" /var/log/auth.log | awk '{print $10}' | sort | uniq -c | sort -nr
[...]
> 
> 
> This is for one day ... I'd like to be able to throttle so that after X Invalid 
> user attempts, the IP gets blocked ...
> 
> Possible?
> 

Hi Marc,

Coincidentally, I've been replacing sshit with sshguard (both in ports)
on several servers today.  sshguard seems to be more configurable and
supports a number of blocking methods - multiple firewalls as well as
/etc/hosts.deny.  Here's the full documentation:
http://sshguard.sourceforge.net/doc/

Hope that helps,
Greg
--
Greg Larkin

http://www.FreeBSD.org/       - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
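The per-address count from the quoted pipeline, extended with the "more than N" threshold, as an added example that is not part of the original thread and is not sshguard's own code. It only reports addresses and blocks nothing; the function names `offenders` and `sample_log` and the log lines are constructed for illustration.

```shell
#!/bin/sh
# offenders N: read auth.log lines on stdin and print "count address" for
# every source address with at least N "Invalid user" entries, busiest first.
offenders() {
    awk -v n="$1" '
        /sshd\[[0-9]+\]: Invalid user / {
            addr = ""
            # Use the token after the LAST "from": the user name is chosen by
            # the client and may contain spaces or the word "from" itself,
            # which shifts a fixed column such as $10 onto client-supplied text.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { addr = $(i + 1); break }
            # Count only tokens that look like an IPv4 or IPv6 address.
            if (addr ~ /^[0-9A-Fa-f:.]+$/) count[addr]++
        }
        END { for (a in count) if (count[a] >= n) print count[a], a }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges), not real log data.
sample_log() {
    cat <<'EOF'
Sep 17 03:12:41 host sshd[1201]: Invalid user admin from 192.0.2.10
Sep 17 03:12:43 host sshd[1203]: Invalid user test from 192.0.2.10
Sep 17 03:12:45 host sshd[1205]: Invalid user a from 198.51.100.7 from 192.0.2.10
Sep 17 03:13:02 host sshd[1210]: Invalid user oracle from 198.51.100.7
Sep 17 03:13:09 host sshd[1214]: Invalid user guest from 2001:db8::5 port 40112
Sep 17 03:14:00 host sshd[1220]: Accepted publickey for marc from 203.0.113.4 port 5022 ssh2
EOF
}

# Stand-alone run: addresses with 3 or more invalid-user attempts.
sample_log | offenders 3
```

In the third sample line a fixed `$10` would attribute the attempt to 198.51.100.7, an address that appears only inside the user name, which matters once the count feeds a block list.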



More information about the freebsd-questions mailing list