denying spam hosts ssh access - good idea?

David Southwell david at
Mon Jan 11 14:08:47 UTC 2010

> I'm thinking of denying ssh access to host from which
> I get brute force ssh attacks.
> HOwever, I see in /etc/hosts.allow:
> # Wrapping sshd(8) is not normally a good idea, but if you
> # need to do it, here's how
> #sshd : : deny
> Why is it not a good idea?
> Also, apparently in older ssh there was DenyHosts option,
> but no longer in the current version.
> Is there a replacement for DenyHOsts?
> Or is there a good reason for such option not to be used?
> many thanks
> anton
I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also 
use blackhole and sshguard


More information about the freebsd-questions mailing list