SSHguard & IPFW

Nino J nino80 at gmail.com
Thu Oct 1 06:53:08 UTC 2015


On Wed, Sep 30, 2015 at 7:58 PM, Ian Smith <smithi at nimnet.asn.au> wrote:

>
> I'm more paranoid and only allow addresses in a table to access sshd's
> port, with a couple of roaming users who need to check mail to update
> their IP before login .. but this is great news for sshguard users.
>
>
It's not necessarily paranoid. It depends on your risk assessment. I'm
primarily defending against brute-force attacks and sshguard effectively
solves that. If I were concerned about a possible vulnerability in sshd that
would allow an attacker to bypass the login process or crash sshd on a
machine where ssh access is critical, restricting access to known IPs only
would be a perfectly reasonable solution.

On a side note, if I understood correctly, you're modifying IPFW rules
based on a user successfully checking mail, basically a sort of
port-knocking? Or have I totally misinterpreted? :)

-- 
Nino


More information about the freebsd-questions mailing list