denyhosts/pfctl to block repeated logins?
Jonesy
SPAM_TRAP_gmane at jonz.net
Sat Jun 20 13:46:34 UTC 2015
On Sat, 20 Jun 2015 08:32:18 -0400, Michael B. Eichorn wrote:
> On Sat, 2015-06-20 at 21:55 +1000, andrew clarke wrote:
>> On Sat 2015-06-20 07:34:50 UTC-0400, John Holland wrote:
>>
>> > What is the best tool to use to block repeated login attempts from
>> > unauthorized hosts? And for deny hosts, how do you unblock someone who
>> > is legitimate?
>>
>> "Best tool" is difficult to answer since it depends on your exact
>> requirements.
>>
>> Also once an admin finds an IP blocker that works for them, they may
>> tend to stick with it rather than try all the alternatives.
>>
>> For blocking unsuccessful ssh logins, sshguard-ipfw works for me.
>>
>> http://www.sshguard.net/docs/faqs/
>
> I will second sshguard as an excellent automated blocker. But since the
> OP mentions pfctl in the subject line, they probably want sshguard-pf.
> There is also a no-firewall version for running in jails.

+2 :-)

After adding sshguard I still was annoyed by all the attempts -- even
tho' they were successfully blocked. Next I moved my ssh port on my
VPS box and _that_ eliminated 99% of the attempts.

I found a lot of chatter on the interweb claiming that changing the ssh
port was mostly ineffective. But, for me it made a BIG difference.

Of course, if you have a lot of users on the box, it would be a pain to
instruct all of them on using other than the default port.

hth,
Jonesy
--
Marvin L Jones | Marvin | W3DHJ | linux
38.238N 104.547W | @ jonz.net | Jonesy | OS/2
* Killfiling google & XXXXbanter.com: jonz.net/ng.htm