Blocking SSH access based on bad logins?

Adam Vande More amvandemore at
Tue Aug 25 15:29:08 UTC 2015

On Tue, Aug 25, 2015 at 10:22 AM, Brian W. <brian at> wrote:

> There is a port called denyhosts that works pretty well. There is a single
> configuration file and you just edit that to what you want. It adds a
> hosts.deniedssh file that it writes data to based on log activity.

Technically, you add the /etc/hosts.deniedssh file and that is really just
an arbitrary design.  It could just as well be /etc/hosts.allow for many

Also denyhosts is still the only blocker which is able to proactively block
known bad hosts(and not by default).  At least is used to work, not sure if
that part still does.


More information about the freebsd-questions mailing list