From: Damien Fleuriot
Date: Mon, 19 Sep 2011 22:42:28 +0200
To: James Strother
Cc: freebsd-questions@freebsd.org
Subject: Re: limit number of ssh connections

Again, if your goal is to protect against attacks, you might want to look at sshguard from the ports.

Otherwise I believe there's an sshd_config directive to limit the number of concurrent connections from a single source IP.

On 19 Sep 2011, at 22:02, James Strother wrote:
> That's an interesting project, I hadn't realized port knocking had
> become so easy to use.
>
> Unfortunately, for this particular server, I need to be able to
> provide a simple way for (a very limited number of) users to log in
> to the system remotely using a variety of OS platforms. So I don't
> think port knocking is a good fit here.
>
> Thanks,
> Jim
>
> 2011/9/19 Григорьев Александр :
>> If your target is to protect a freebsd box from password bruting from the inet, maybe security/knockd will help you?
>>
>> 19.09.2011, 23:05, "James Strother" :
>>> Does anyone know a good way of limiting the number of ssh attempts
>>> from a single IP address?
>>>
>>> I found the following website, which describes a variety of approaches:
>>>
>>> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
>>>
>>> But I am honestly not really happy with any of them. Continuously
>>> polling log files for regex hits seems... well, crude. Just to give you
>>> an idea of what I mean, here were some of the issues I had. The
>>> sshd-scan.sh script allows IPs to be reinstated, but the timing is
>>> dependent on how frequently you rotate logs. sshguard has a pretty
>>> website, but I can't actually find much useful documentation on how to
>>> configure it. fail2ban looks like it might work with sufficient work,
>>> but the defaults are terrible. By default, every time an IP is
>>> reinstated, all IPs are reinstated. Not to mention, at present I
>>> can't seem to get it to trigger any hits.
>>>
>>> I suppose I could keep shopping, but the truth is I just think polling
>>> log files is the wrong way to solve the problem. Anything based on
>>> this approach is going to have a long latency and be highly dependent
>>> on the unspecified and unstable formatting of log files (see
>>> http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
>>> and the troubles an exclamation point can cause).
>>>
>>> I would much, much rather do something like this:
>>>
>>> http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
>>>
>>> Does anyone know a way to do something similar with ipfw?
>>>
>>> Thanks in advance,
>>> Jim
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
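The question at the root of the thread was how to cap SSH attempts per source address in the packet filter rather than by polling logs. The script below is an added example written for this page, not code posted by anyone in the thread: it emits an ipfw rule set that uses ipfw's dynamic "limit src-addr" rules to cap simultaneous SSH sessions per source IP, and an equivalent pf.conf fragment that uses "max-src-conn-rate" plus an overload table, which is rate-based (new connections per time window) and so closer to the "attempts per IP" framing of the original question. The rule numbers (1000-1020), the interface name em0, the table name <sshbrute>, the default limits, and sshd listening on port 22 are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): per-source-IP caps for sshd on FreeBSD,
# first with ipfw dynamic "limit" rules, then with a pf.conf fragment.
# Rule numbers, interface, table name and limits are assumptions; adjust to
# the local ruleset. Run with --apply as root to load the ipfw rules; with no
# argument it only prints both rule sets (dry run).

# Emit the ipfw commands that cap concurrent SSH sessions per source address.
# ipfw's "limit src-addr N" installs a dynamic rule per source IP and drops
# new SYNs from that IP once N sessions are open; packets that match no
# dynamic state (including setups past the cap) fall through to the deny.
# $1 = max simultaneous connections per source IP (default 3)
# $2 = base rule number (default 1000)
ipfw_ssh_rules() {
    per_ip=${1:-3}
    base=${2:-1000}
    cat <<EOF
ipfw -q add $base check-state
ipfw -q add $((base + 10)) allow tcp from any to me 22 setup limit src-addr $per_ip
ipfw -q add $((base + 20)) deny tcp from any to me 22
EOF
}

# Emit a pf.conf fragment that tracks the rate of new SSH connections:
# more than $2 new connections within $3 seconds from one address puts it
# in the <sshbrute> table; members of that table are blocked and their
# existing states flushed. Entries stay until removed, e.g. from cron with
# "pfctl -t sshbrute -T expire 3600" to reinstate addresses after an hour.
# $1 = external interface (default em0), $2 = connection count (default 5),
# $3 = window in seconds (default 30)
pf_ssh_rules() {
    ifn=${1:-em0}
    rate=${2:-5}
    window=${3:-30}
    cat <<EOF
table <sshbrute> persist
block in quick on $ifn from <sshbrute>
pass in on $ifn proto tcp to ($ifn) port ssh flags S/SA keep state \\
    (max-src-conn-rate $rate/$window, overload <sshbrute> flush global)
EOF
}

case "${1:-}" in
    --apply)
        # Needs root and the ipfw kernel module loaded; SSH_PER_IP overrides the cap.
        ipfw_ssh_rules "${SSH_PER_IP:-3}" | sh
        ;;
    *)
        echo "# ipfw rules (dry run):"
        ipfw_ssh_rules
        echo
        echo "# pf.conf fragment:"
        pf_ssh_rules
        ;;
esac
```

The ipfw variant counts sessions that are open at the same time, so a site whose legitimate users sit behind one NAT address should raise the per-IP cap accordingly; the pf variant counts connection attempts over a window, which is the behaviour that actually throttles a password-guessing client that opens and closes connections quickly. Both keep the decision inside the packet filter, with no dependence on log formats.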