denying spam hosts ssh access - good idea?

Tim Judd tajudd at
Mon Jan 11 14:26:14 UTC 2010

On 1/11/10, David Southwell <david at> wrote:
>> I'm thinking of denying ssh access to host from which
>> I get brute force ssh attacks.
>> HOwever, I see in /etc/hosts.allow:
>> # Wrapping sshd(8) is not normally a good idea, but if you
>> # need to do it, here's how
>> #sshd : : deny
>> Why is it not a good idea?
>> Also, apparently in older ssh there was DenyHosts option,
>> but no longer in the current version.
>> Is there a replacement for DenyHOsts?
>> Or is there a good reason for such option not to be used?
>> many thanks
>> anton
> I use denyhosts ( /usr/ports/security/denyhosts ) works well for me. I also
> use blackhole and sshguard
> david

I've been meaning to check this out.  My firewall ssh rules are very
strict, in fact, if the remote IP is "unknown" meaning, I don't know
where the heck it's coming from, it's blocked.  It's easier to say it
this way:  I allow ssh connections from IPs I know, preferably static

Given that there are more than one general blacklists out there that
list unwanted behavior, and that we have ports that make use of these
lists, I wonder if we can use a list (in this case, for spam)
effective for blocking ssh connections.  This means:
  install spamd
  setup pf (requirement for spamd, it is built by OpenBSD after all)
  in the pf rules, block *ANYTHING* coming from the blacklisted IPs

I don't know how effective it is, but since the spamd blacklist IPs
are hosted on what seems to be only one server/server farm, I am also
looking for any way I can provide a mirror (even if it's slightly
outdated) of this data.


More information about the freebsd-questions mailing list