limit number of ssh connections
jstrother9109 at gmail.com
Mon Sep 19 20:02:58 UTC 2011
That's an interesting project, I hadn't realized port knocking had
become so easy to use.
Unfortunately, for this particular server, I need to be able to
provide a simple way for (a very limited number of) users to log in
to the system remotely using a variety of OS platforms. So I don't
think port knocking is a good fit here.
2011/9/19 Григорьев Александр <mr.festin at yandex.ru>:
> If your target is to protect a FreeBSD box from password brute-forcing from the internet, maybe security/knockd will help you?
> 19.09.2011, 23:05, "James Strother" <jstrother9109 at gmail.com>:
>> Does anyone know a good way of limiting the number of ssh attempts
>> from a single IP address?
>> I found the following website, which describes a variety of approaches:
>> But I am honestly not really happy with any of them. Continuously
>> polling log files for regex hits seems...well crude. Just to give you
>> an idea of what I mean, here were some of the issues I had. The
>> sshd-scan.sh script allows IPs to be reinstated, but the timing is
>> dependent on how frequently you rotate logs. sshguard has a pretty
>> website, but I can't actually find much useful documentation on how to
>> configure it. fail2ban looks like it might work with sufficient work,
>> but the defaults are terrible. By default, every time an IP is
>> reinstated, all IPs are reinstated. Not to mention, at present I
>> can't seem to get it to trigger any hits.
>> I suppose I could keep shopping, but the truth is I just think polling
>> log files is the wrong way to solve the problem. Anything based on
>> this approach is going to have a long latency and be highly dependent
>> on the unspecified and unstable formatting of log files (see
>> and the troubles an exclamation point can cause).
>> I would much much rather do something like this:
>> Does anyone know a way to do something similar with ipfw?
>> Thanks in advance,
>> freebsd-questions at freebsd.org mailing list
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"