Blocking SSH access based on bad logins?
Dan Busarow
dan at buildingonline.com
Tue Aug 25 15:15:28 UTC 2015
On 8/25/15 8:58 AM, Michael B. Eichorn wrote:
> On Tue, 2015-08-25 at 16:28 +0200, Polytropon wrote:
>> On Tue, 25 Aug 2015 09:16:16 -0400, Jaime Kikpole wrote:
>>> I've noticed a number of SSH login attempts for the username "admin"
>>> on my FreeBSD systems. None of them have a username of "admin". So
>>> I
>>> was wondering if there was a way (even via a port) to tell the
>>> system,
>>> "If an IP tries to login as 'admin', block that IP."
>>
>> I think "fail2ban" is the solution you are searching for.
>>
>>
>>
>>> I'm already using SSHGuard to block certain obvious attempts to break
>>> in. I'm fine with altering its configs or adding/switching to a new
>>> port.
>>
>> You'll find "fail2ban" in the FreeBSD ports collection
>> along with some documentation. It's easy to set up. :-)
>
> I thought SSHGuard and fail2ban were both equally vaild solutions to ssh
> banning. Both use the logged failed attempt and create system level block
> to the offending IP. Am I wrong on this?
>
I use sshguard on FreeBSD and prefer it. I use fail2ban on the few
Debian boxes I manage.
Dan
More information about the freebsd-questions
mailing list