From: James Strother <jstrother9109@gmail.com>
To: freebsd-questions@freebsd.org
Date: Mon, 19 Sep 2011 16:02:55 -0400
Subject: Re: limit number of ssh connections

That's an interesting project, I hadn't realized port knocking had become so easy to use.
Unfortunately, for this particular server, I need to be able to provide a simple way for (a very limited number of) users to log in to the system remotely using a variety of OS platforms. So I don't think port knocking is a good fit here.

Thanks,
Jim

2011/9/19 Григорьев Александр:
> If your target is to protect a FreeBSD box from password brute-forcing from the Internet, maybe security/knockd will help you?
>
> 19.09.2011, 23:05, "James Strother":
>> Does anyone know a good way of limiting the number of ssh attempts
>> from a single IP address?
>>
>> I found the following website, which describes a variety of approaches:
>>
>> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
>>
>> But I am honestly not really happy with any of them. Continuously
>> polling log files for regex hits seems... well, crude. Just to give you
>> an idea of what I mean, here were some of the issues I had. The
>> sshd-scan.sh script allows IPs to be reinstated, but the timing is
>> dependent on how frequently you rotate logs. sshguard has a pretty
>> website, but I can't actually find much useful documentation on how to
>> configure it. fail2ban looks like it might work with sufficient work,
>> but the defaults are terrible. By default, every time an IP is
>> reinstated, all IPs are reinstated. Not to mention, at present I
>> can't seem to get it to trigger any hits.
>>
>> I suppose I could keep shopping, but the truth is I just think polling
>> log files is the wrong way to solve the problem. Anything based on
>> this approach is going to have a long latency and be highly dependent
>> on the unspecified and unstable formatting of log files (see
>> http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
>> and the troubles an exclamation point can cause).
>>
>> I would much, much rather do something like this:
>>
>> http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
>>
>> Does anyone know a way to do something similar with ipfw?
>>
>> Thanks in advance,
>>   Jim
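The iptables recipe Jim links to counts new connections per source address in the firewall itself and bans the address for a while, with no log parsing. On FreeBSD the direct analogue is pf's `max-src-conn-rate` together with an `overload` table; ipfw has no sliding-window counter, and the closest it offers is `limit src-addr N`, a cap on concurrent dynamic states per source. The script below is an added example and is not code from the thread or from any of the tools it names. It assumes pf is enabled, that `/etc/pf.conf` contains the line `anchor "ssh_guard"` so the anchor is evaluated, and that the external interface is `em0`; the anchor name, table name and thresholds are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread): firewall-side per-source rate limit
# for SSH on FreeBSD. pf part = analogue of the iptables "recent" recipe;
# ipfw part = the closest ipfw can do. Assumes pf_enable="YES", a line
# anchor "ssh_guard" in /etc/pf.conf, and external interface em0.
# Names and thresholds below are assumptions, not from the original post.

EXT_IF="${EXT_IF:-em0}"            # external interface (assumption)
SSH_PORT="${SSH_PORT:-22}"
MAX_NEW="${MAX_NEW:-4}"            # allow this many new connections ...
WINDOW="${WINDOW:-60}"             # ... per source IP within this many seconds
BAN_SECONDS="${BAN_SECONDS:-3600}" # reinstate an address after this long
ANCHOR="ssh_guard"
TABLE="ssh_bruteforce"

# pf rules. The block rule must come first so an address already in the
# table is dropped before the pass rule can create new state for it.
# max-src-conn-rate counts new connections per source over a sliding
# window; when exceeded, "overload" adds the source to the table and
# "flush global" tears down every state that source already holds.
ssh_pf_rules() {
    cat <<EOF
table <$TABLE> persist
block in quick on $EXT_IF proto tcp from <$TABLE> to ($EXT_IF) port $SSH_PORT
pass in quick on $EXT_IF proto tcp to ($EXT_IF) port $SSH_PORT flags S/SA keep state \\
    (max-src-conn-rate $MAX_NEW/$WINDOW, overload <$TABLE> flush global)
EOF
}

# Load the rules into the anchor (needs root and a running pf).
ssh_pf_apply() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/$ANCHOR.XXXXXX") || return 1
    ssh_pf_rules > "$tmp" && pfctl -a "$ANCHOR" -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Reinstatement, the part the log-polling scripts tie to log rotation:
# drop table entries older than BAN_SECONDS. Run it from cron.
ssh_pf_expire() {
    pfctl -a "$ANCHOR" -t "$TABLE" -T expire "$BAN_SECONDS"
}

# ipfw alternative. "limit src-addr N" caps *concurrent* dynamic states
# per source address: it blunts parallel brute-force tools but does not
# slow a strictly sequential one, so pair it with MaxAuthTries in
# sshd_config. A SYN that would exceed the limit is dropped by ipfw.
ssh_ipfw_rules() {
    cat <<EOF
ipfw add 1000 check-state
ipfw add 1010 allow tcp from any to me $SSH_PORT setup limit src-addr $MAX_NEW
ipfw add 1020 deny tcp from any to me $SSH_PORT
EOF
}

case "${1:-}" in
    print)  ssh_pf_rules ;;
    apply)  ssh_pf_apply ;;
    expire) ssh_pf_expire ;;
    ipfw)   ssh_ipfw_rules ;;
esac
```

Usage: `sh ssh-guard.sh print` shows the pf rules, `sh ssh-guard.sh apply` loads them into the anchor, and a cron line such as `*/10 * * * * root sh /usr/local/sbin/ssh-guard.sh expire` does the un-banning that Jim found awkward in the log-based tools. Check what is currently banned with `pfctl -a ssh_guard -t ssh_bruteforce -T show`. Note that the pf counter is per source address, so a handful of legitimate users behind one NAT share the same budget; raise `MAX_NEW` or lower `BAN_SECONDS` if that bites.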