denying spam hosts ssh access - good idea?

Anton Shterenlikht mexas at
Tue Jan 12 09:54:05 UTC 2010

On Tue, Jan 12, 2010 at 10:42:06AM +0100, Erik Norgaard wrote:
> Anton Shterenlikht wrote:
> > I'm thinking of denying ssh access to hosts from which
> > I get brute force ssh attacks.
> This is a returning topic, search the archives. Anyway, the returning 
> answer:
> - why not let your firewall do the blocking? If your blocking is IP 
> based that's the place to block.

I'm already under the University firewall. Only port 22 is let through.
But even that fills my logs.

> - why do you default to allow? How about default block, and then add the 
> few good networks you know that actually need access? Restricting access 
> to your own continent is a good start. I made this tool to create lists 
> of ip ranges for individual countries:
> if you're in US then it may not work since some US companies have ranges 
> delegated directly by IANA rather than ARIN, but these are few so it's 
> easy to add ranges manually, check the list here:

thanks, will look at this

> - why allow password based authentication? disable password based 
> authentication and rely on keys, then you can ignore all the brute force 
> attempts.

I don't allow password based authentication.

> - above not a solution? See if you can tweak the sshd_config:
>      MaxAuthTries
>      MaxStartups
> can slow down brute force attacks preventing it from sucking up resources.

also a good idea, will look at this.

> Disable root login, restrict login to real users, if you have a group 
> "users" just restrict to that using AllowGroups.

yes, this is in place.

> - trying to block individual offending hosts is futile, the attacker 
> will usually try maybe a 1000 times, but the next one will likely come 
> from a different address.

I guess this answers my question most directly.

From all the replies I got so far I gather that /etc/hosts.allow
exists as a historical heritage and no real use is made of it
nowadays. Although some people appear to like it (e.g. Samuel Martín Moro).

many thanks for your help and support.

Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
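
The sshd_config measures named in the quoted reply (key-only authentication, no root login, AllowGroups, MaxAuthTries, MaxStartups) can be checked mechanically. The following is an added example, not part of the original message; the function names, the sample configuration and the MaxAuthTries threshold of 3 are assumptions made for illustration.

```python
import re

# Constructed sample, not a real host's configuration.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin no
passwordauthentication no
# The next line is ignored: sshd keeps the first value it reads per keyword.
PasswordAuthentication yes
MaxAuthTries 6
Match Group users
    MaxAuthTries 2
"""

def effective_globals(text):
    """Return {lowercased keyword: value} for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks start here
            break
        settings.setdefault(key, parts[1] if len(parts) > 1 else "")
    return settings

def audit(text, max_tries=3):               # max_tries=3 is an assumed policy
    """List the hardening steps from the thread that the config lacks."""
    s = effective_globals(text)
    findings = []
    for key, name in (("passwordauthentication", "PasswordAuthentication"),
                      ("permitrootlogin", "PermitRootLogin")):
        if s.get(key, "").lower() != "no":
            findings.append(f"{name} is not explicitly 'no'")
    if not s.get("allowgroups"):
        findings.append("AllowGroups is not set")
    tries = s.get("maxauthtries", "")
    if not tries.isdigit() or int(tries) > max_tries:
        findings.append(f"MaxAuthTries is unset or above {max_tries}")
    if "maxstartups" not in s:
        findings.append("MaxStartups is not set explicitly")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("WARN:", finding)
```

Settings that are absent are reported rather than assumed safe, because the compiled-in defaults differ between platforms and releases.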

