limit number of ssh connections
tundra at tundraware.com
Mon Sep 19 22:08:11 UTC 2011
On 9/19/2011 2:05 PM, James Strother wrote:
> Does anyone know a good way of limiting the number of ssh attempts
> from a single IP address?
> I found the following website, which describes a variety of approaches:
> But I am honestly not really happy with any of them. Continuously
> polling log files for regex hits seems...well crude. Just to give you
> an idea of what I mean, here were some of the issues I had. The
> sshd-scan.sh script allows IPs to be reinstated, but the timing is
> dependent on how frequently you rotate logs. sshguard has a pretty
> website, but I can't actually find much useful documentation on how to
> configure it. fail2ban looks like it might work with sufficient work,
> but the defaults are terrible. By default, every time an IP is
> reinstated, all IPs are reinstated. Not to mention, at present I
> can't seem to get it to trigger any hits.
> I suppose I could keep shopping, but the truth is I just think polling
> log files is the wrong way to solve the problem. Anything based on
> this approach is going to have a long latency and be highly dependent
> on the unspecified and unstable formatting of log files (see
> and the troubles an exclamation point can cause).
> I would much much rather do something like this:
> Does anyone know a way to do something similar with ipfw?
> Thanks in advance,
They cannot attack what they cannot see. That's why I wrote this:
It allows you to restrict access to a fixed set of hosts
(via tcpwrappers) but to dynamically request access from
any host (via wrapper rewriting) so long as you have
credentials to do so. The current version has a worst-case
latency of 5 minutes from the time you remotely request ssh
access be granted until it actually is. I am working toward
an update that will grant the request immediately.
Tim Daneliuk tundra at tundraware.com
PGP Key: http://www.tundraware.com/PGP/
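The wrapper-rewriting mechanism Tim describes (sshd pinned to a fixed set of hosts in hosts.allow, plus time-limited entries added on request and removed again by a periodic job) sketched as an added Python example. This is not the code of Tim's tool; it assumes FreeBSD's `: allow` / `: deny` hosts.allow syntax, a trailing `sshd : ALL : deny` rule, the marker comments shown, and that the credential check authorizing a request happens before `grant()` is called.

```python
import ipaddress
import re
import time

# Lines managed by this tool sit between these markers so hand-written rules survive.
BEGIN = "# BEGIN dynamic-ssh-grants (managed; do not edit by hand)"
END = "# END dynamic-ssh-grants"
GRANT_RE = re.compile(r"^# grant expires=(\d+)\nsshd : (\S+) : allow$", re.M)

# Constructed sample hosts.allow: sshd restricted to two fixed hosts, then denied.
SAMPLE = """# fixed hosts (hand-maintained)
sshd : 192.0.2.10 192.0.2.11 : allow
sshd : ALL : deny
ALL : ALL : allow
"""

def parse_grants(text):
    """Return {host: expiry_epoch} for the grants inside the managed block."""
    start, end = text.find(BEGIN), text.find(END)
    if start < 0 or end < start:
        return {}
    return {host: int(exp) for exp, host in GRANT_RE.findall(text[start:end])}

def grant(grants, host, ttl, now=None):
    """Add (or extend) a time-limited sshd allow entry for one literal IP address."""
    ipaddress.ip_address(host)  # reject anything that is not a plain address
    now = int(time.time()) if now is None else now
    grants[host] = max(grants.get(host, 0), now + ttl)
    return grants

def expire(grants, now=None):
    """Drop grants whose time has passed; the periodic job calls this before render()."""
    now = int(time.time()) if now is None else now
    return {h: e for h, e in grants.items() if e > now}

def render(text, grants):
    """Rewrite the managed block of hosts.allow; static rules outside it are kept."""
    body = "".join(f"# grant expires={e}\nsshd : {h} : allow\n" for h, e in sorted(grants.items()))
    managed = f"{BEGIN}\n{body}{END}\n"
    start, end = text.find(BEGIN), text.find(END)
    if start >= 0 and end >= start:
        return text[:start] + managed + text[end + len(END):].lstrip("\n")
    # No managed block yet: tcpwrappers stops at the first match, so the grants
    # must be placed before the final deny rule or they never take effect.
    deny = text.find("sshd : ALL : deny")
    return text[:deny] + managed + text[deny:] if deny >= 0 else text + managed
```

Feed `render()`'s output to an atomic write of /etc/hosts.allow; tcpwrappers re-reads the file on every connection, so no daemon restart is needed.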