From: Григорьев Александр <mr.festin@yandex.ru>
To: James Strother
Cc: freebsd-questions@freebsd.org
Date: Tue, 20 Sep 2011 00:12:04 +0400
Subject: Re: limit number of ssh connections
Message-Id: <54071316463124@web60.yandex.ru>
References: <946851316461449@web97.yandex.ru>
List-Id: User questions <freebsd-questions@freebsd.org>

Standard inetd(8) has many options, including limiting connections based on IP address. Can it help in this case?

20.09.2011, 00:02, "James Strother":
> That's an interesting project, I hadn't realized port knocking had
> become so easy to use.
>
> Unfortunately, for this particular server, I need to be able to
> provide a simple way for (a very limited number of) users to log
> into the system remotely using a variety of OS platforms. So I don't
> think port knocking is a good fit here.
>
> Thanks,
>   Jim
>
> 2011/9/19 Григорьев Александр:
>
>> If your target is to protect a FreeBSD box from password brute-forcing from the Internet, maybe security/knockd will help you?
>>
>> 19.09.2011, 23:05, "James Strother":
>>> Does anyone know a good way of limiting the number of ssh attempts
>>> from a single IP address?
>>>
>>> I found the following website, which describes a variety of approaches:
>>>
>>> http://www.freebsdwiki.net/index.php/Block_repeated_illegal_or_failed_SSH_logins
>>>
>>> But I am honestly not really happy with any of them. Continuously
>>> polling log files for regex hits seems... well, crude. Just to give you
>>> an idea of what I mean, here were some of the issues I had. The
>>> sshd-scan.sh script allows IPs to be reinstated, but the timing is
>>> dependent on how frequently you rotate logs. sshguard has a pretty
>>> website, but I can't actually find much useful documentation on how to
>>> configure it. fail2ban looks like it might work with sufficient work,
>>> but the defaults are terrible. By default, every time an IP is
>>> reinstated, all IPs are reinstated. Not to mention, at present I
>>> can't seem to get it to trigger any hits.
>>>
>>> I suppose I could keep shopping, but the truth is I just think polling
>>> log files is the wrong way to solve the problem. Anything based on
>>> this approach is going to have a long latency and be highly dependent
>>> on the unspecified and unstable formatting of log files (see
>>> http://www.fail2ban.org/wiki/index.php/HOWTO_Mac_OS_X_Server_(10.4)
>>> and the troubles an exclamation point can cause).
>>>
>>> I would much, much rather do something like this:
>>>
>>> http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/
>>>
>>> Does anyone know a way to do something similar with ipfw?
>>>
>>> Thanks in advance,
>>>    Jim
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
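Added example (not part of the thread, and not something either poster wrote): the inetd(8) per-source limits the reply above points at, run next to an ipfw stateful limit of the kind Jim asks about. All limit values (30, 5, 3) are illustrative assumptions; adjust them to the number of users involved.

```conf
# /etc/inetd.conf -- run sshd from inetd so inetd's per-source limits apply.
# Field 4 is wait/nowait[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]]:
# at most 30 sshd children in total, at most 5 new connections per minute from
# any one address, and at most 3 simultaneous children from any one address
# (illustrative values, not recommendations).
ssh	stream	tcp	nowait/30/5/3	root	/usr/sbin/sshd	sshd -i
ssh	stream	tcp6	nowait/30/5/3	root	/usr/sbin/sshd	sshd -i

# /etc/rc.conf -- stop the standalone daemon and start inetd in its place.
# -C 5 sets the default per-IP-per-minute limit for services that do not
# carry their own value in inetd.conf; -wW keeps the default tcpwrappers behaviour.
sshd_enable="NO"
inetd_enable="YES"
inetd_flags="-wW -C 5"

# ipfw -- cap simultaneous SSH connections per source address at 3 (illustrative).
# The setup rule creates a dynamic state keyed on the source address; check-state
# matches the rest of each connection against it. Typed as root:
#   ipfw add 100 check-state
#   ipfw add 200 allow tcp from any to me 22 setup limit src-addr 3
```

Two caveats a practitioner should weigh. The inetd limit counts connections per source, not failed logins: it fires before authentication, so it cannot distinguish an attacker from a legitimate user running scp in a loop, and once an address exceeds its rate inetd closes further connections from it until the rate drops back under the limit. The ipfw `limit src-addr` keyword bounds simultaneous connections per source, not attempts over a time window, so it is not an equivalent of the iptables `recent` match in the article Jim links; ipfw's dynamic rules have no "N hits in T seconds, then block" counter. sshd's own `MaxStartups` throttles unauthenticated connections globally rather than per source, so it does not replace either of these.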