denyhosts/pfctl to block repeated logins?

Jonesy SPAM_TRAP_gmane at jonz.net
Sat Jun 20 13:46:34 UTC 2015


On Sat, 20 Jun 2015 08:32:18 -0400, Michael B. Eichorn wrote:
> On Sat, 2015-06-20 at 21:55 +1000, andrew clarke wrote:
>> On Sat 2015-06-20 07:34:50 UTC-0400, John Holland wrote:
>>
>> > What is the best tool to use to block repeated login attempts from
>> > unauthorized hosts?  And for deny hosts, how do you unblock someone who
>> > is legitimate?
>>
>> "Best tool" is difficult to answer since it depends on your exact
>> requirements.
>>
>> Also once an admin finds an IP blocker that works for them, they may
>> tend to stick with it rather than try all the alternatives.
>>
>> For blocking unsuccessful ssh logins, sshguard-ipfw works for me.
>>
>> http://www.sshguard.net/docs/faqs/
>
> I will second sshguard as an excellent automated blocker. But since the
> OP mentions pfctl in the subject line, they probably want sshguard-pf.
> There is also a no-firewall version for running in jails.

 +2 :-)

After adding sshguard I still was annoyed by all the attempts -- even 
tho' they were successfully blocked.  Next I moved my ssh port on my 
VPS box and _that_ eliminated 99% of the attempts.

I found a lot of chatter on the interweb claiming that changing the ssh 
port was mostly ineffective.  But, for me it made a BIG difference.

Of course, if you have a lot of users on the box, it would be a pain to 
instruct all of them on using other than the default port.

hth,
Jonesy
-- 
  Marvin L Jones    | Marvin      | W3DHJ  | linux
   38.238N 104.547W |  @ jonz.net | Jonesy |  OS/2
    * Killfiling google & XXXXbanter.com: jonz.net/ng.htm



More information about the freebsd-questions mailing list