securing sshd

Erik Norgaard norgaard at
Sat Mar 20 18:40:05 UTC 2010

On 20/03/10 18:23, Jamie Griffin wrote:

> The reason I went with that decision is because I only expect to be
> logging in to the server from two locations:  at home or from a
> computer at my university

In that case, the best thing you can do is figure out the IP ranges of 
either location.

Check your log for your own successful logins to find the source IP, 
then look up the range with whois. You can be pretty sure that wherever 
you are on campus, the assigned IP will be in that range.

Then just allow access from those ranges and block everything else in 
your firewall. Whitelists are far easier to manage than black lists. 
Having some daemon running to monitor illicit attempts to login and 
block the source is futile. You can be almost certain that you won't see 
that IP in your logs again, partly because these attempts may come from 
botnets, partly because the source may be assigned IP dynamically.

Btw. I found two articles on, the first is analysis 
using a honeypot, as you see these attacks are pretty lame:

Then somebody having to respond, because security was pretty lame:

BR, Erik
Erik Nørgaard
Ph: +34.666334818/+34.915211157        

More information about the freebsd-questions mailing list