Blocking SSH access based on bad logins?

Brian W. brian at brianwhalen.net
Tue Aug 25 15:22:41 UTC 2015


There is a port called denyhosts that works pretty well. There is a single
configuration file and you just edit that to what you want. It adds a
hosts.deniedssh file that it writes data to based on log activity.

Brian
On Aug 25, 2015 8:15 AM, "Dan Busarow" <dan at buildingonline.com> wrote:

> On 8/25/15 8:58 AM, Michael B. Eichorn wrote:
> > On Tue, 2015-08-25 at 16:28 +0200, Polytropon wrote:
> >> On Tue, 25 Aug 2015 09:16:16 -0400, Jaime Kikpole wrote:
> >>> I've noticed a number of SSH login attempts for the username "admin"
> >>> on my FreeBSD systems.  None of them have a username of "admin".  So
> >>> I
> >>> was wondering if there was a way (even via a port) to tell the
> >>> system,
> >>> "If an IP tries to login as 'admin', block that IP."
> >>
> >> I think "fail2ban" is the solution you are searching for.
> >>
> >>
> >>
> >>> I'm already using SSHGuard to block certain obvious attempts to break
> >>> in.  I'm fine with altering its configs or adding/switching to a new
> >>> port.
> >>
> >> You'll find "fail2ban" in the FreeBSD ports collection
> >> along with some documentation. It's easy to set up. :-)
> >
> > I thought SSHGuard and fail2ban were both equally vaild solutions to ssh
> > banning. Both use the logged failed attempt and create system level block
> > to the offending IP. Am I wrong on this?
> >
>
> I use sshguard on FreeBSD and prefer it.  I use fail2ban on the few
> Debian boxes I manage.
>
> Dan
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
>


More information about the freebsd-questions mailing list