From: James Strother
To: "freebsd-questions@freebsd.org"
Date: Mon, 19 Sep 2011 17:47:01 -0400
Subject: Re: limit number of ssh connections

Wow, I'm glad I asked. This has been very helpful.

@Григорьев Александр
Thanks for the tip on inetd, that looks like it might just do the trick.

@Paul Macdonald
My main reason for looking into this was glancing through the logs on a server I just put online and seeing large numbers of unauthorized login attempts. Everything so far is highly unsophisticated, but it did make me start to really think about the issue. I might put ssh onto a different port, that would at least stop the sort of fishing I am currently seeing. It's not clear if that would be "good enough."

@Damien Fleuriot
Have you had success with sshguard? Installed it from ports, but then I couldn't quite figure out how to configure it. To be honest, I didn't give it much of a chance before I moved on to the next thing, so if you've had good luck then I should probably give it another shot.

I did flip through sshd_config, but as far as I can tell it is only possible to limit the number of concurrent connections. It might take a little longer, but I'm concerned it would still allow a malicious individual to sequentially brute-force a password.

Thanks for all the responses.