From owner-freebsd-questions@FreeBSD.ORG Wed Nov 28 08:22:36 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3D5FAB6F for ; Wed, 28 Nov 2012 08:22:36 +0000 (UTC) (envelope-from freebsd@qeng-ho.org) Received: from blue.qeng-ho.org (blue.qeng-ho.org [217.155.128.241]) by mx1.freebsd.org (Postfix) with ESMTP id BB6518FC08 for ; Wed, 28 Nov 2012 08:22:35 +0000 (UTC) Received: from fileserver.home.qeng-ho.org (localhost [127.0.0.1]) by fileserver.home.qeng-ho.org (8.14.5/8.14.5) with ESMTP id qAS8MShX007069; Wed, 28 Nov 2012 08:22:28 GMT (envelope-from freebsd@qeng-ho.org) Message-ID: <50B5C9C4.9060006@qeng-ho.org> Date: Wed, 28 Nov 2012 08:22:28 +0000 From: Arthur Chance User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: Aleksandr Miroslav Subject: Re: denyhosts, fail2ban, or something else? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Nov 2012 08:22:36 -0000 On 11/27/12 22:25, Aleksandr Miroslav wrote: > Finally got sick of seeing tons of ssh break-in attempts in my logs. Am > considering using denyhosts, or fail2ban. Anyone have any experience > with these? > > I'm already using the AllowUsers facility of ssh to only allow specific > users in, so I'm not overly concerned about the attempts. > > This is for a FreeBSD 8.x box running pf, btw. It's probably major overkill and may not fit your needs but this article by Colin Percival is an interesting enhancement to the non-standard port solution. http://www.daemonology.net/blog/2012-08-30-protecting-sshd-using-spiped.html