denying spam hosts ssh access - good idea?

Erik Norgaard norgaard at
Tue Jan 12 09:42:10 UTC 2010

Anton Shterenlikht wrote:
> I'm thinking of denying ssh access to host from which
> I get brute force ssh attacks.

This is a returning topic, search the archives. Anyway, the returning 

- why not let your firewall do the blocking? If your blocking is IP 
based that's the place to block.

- why do you default to allow? How about default block, and then add the 
few good networks you know that actually need access? Restricting access 
to your own continent is a good start. I made this tool to create lists 
of ip ranges for individual countries:

if you're in US then it may not work since some US companies have ranges 
delegated directly by IANA rather than ARIN, but these are few so it's 
easy to add ranges manually, check the list here:

- why allow password based authentication? disable password based 
authentication and rely on keys, then you can ignore all the brute force 

- above not a solution? See if you can tweak the sshd_config:


can slow down brute force attacks preventing it from sucking up resources.

Disable root login, restrict login to real users, if you have a group 
"users" just restrict to that using AllowGroups.

- trying to block individual offending hosts is futile, the attacker 
will usually try maybe a 1000 times, but the next one will likely come 
from a different address.

BR, Erik

Erik Nørgaard
Ph: +34.666334818/+34.915211157        

More information about the freebsd-questions mailing list