denying spam hosts ssh access - good idea?

Kaya Saman SamanKaya at
Mon Jan 11 14:14:39 UTC 2010

David Southwell wrote:
>> I'm thinking of denying ssh access to host from which
>> I get brute force ssh attacks.
>> HOwever, I see in /etc/hosts.allow:
>> # Wrapping sshd(8) is not normally a good idea, but if you
>> # need to do it, here's how
>> #sshd : : deny
>> Why is it not a good idea?
>> Also, apparently in older ssh there was DenyHosts option,
>> but no longer in the current version.
>> Is there a replacement for DenyHOsts?
>> Or is there a good reason for such option not to be used?
>> many thanks
>> anton
> I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also 
> use blackhole and sshguard
> david
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"

Take a look at fail2ban:

This hooks in IPtables and really does a nice job of preventing DoS 
attacks from not just SSH but many other ports and protocols too.



More information about the freebsd-questions mailing list