Date: Mon, 19 Sep 2011 17:58:08 -0400 From: "Matt Emmerton" <matt@gsicomp.on.ca> To: "'James Strother'" <jstrother9109@gmail.com>, <freebsd-questions@freebsd.org> Subject: RE: limit number of ssh connections Message-ID: <002e01cc7717$3e362230$baa26690$@on.ca> In-Reply-To: <CAAOvGP09epGmL%2BqKShMrv5QKkKGDeFD4n-dz8TxZF_kGs1HfRQ@mail.gmail.com> References: <CAAOvGP2Gj0=ZAYZn2KZYUa3NTCHVtUdtQqHumM1D5Ea26dzPrQ@mail.gmail.com> <946851316461449@web97.yandex.ru> <CAAOvGP3uPgcA2L%2B3%2BaLuAkyy3m72L3fxeDbt67gF1iC2xPMitQ@mail.gmail.com> <C68AA406-8C5B-4F32-984C-EF07D5445FCB@my.gd> <CAAOvGP09epGmL%2BqKShMrv5QKkKGDeFD4n-dz8TxZF_kGs1HfRQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Moving ssh to another port has solved the problem for me. I had used sshguard in the past, but was always leery of locking myself = out. Regards, Matt Emmerton -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of James Strother Sent: Monday, September 19, 2011 5:47 PM To: freebsd-questions@freebsd.org Subject: Re: limit number of ssh connections Wow, I'm glad I asked. This has been very helpful. @=E7=D2=C9=C7=CF=D2=D8=C5=D7 =E1=CC=C5=CB=D3=C1=CE=C4=D2 Thanks for the tip on inetd, that looks like it might just do the trick. @Paul Macdonald My main reason for looking into this was glancing through the logs on a server I just put online and seeing large numbers of unauthorized login attempts. Everything so far is highly unsophisticated, but it did make me start to really think about the issue. I might put ssh onto a different port, that would at least stop the sort of fishing I am currently seeing. It's not clear if that would be "good enough." @Damien Fleuriot Have you had success with sshguard? Installed it from ports, but then I couldn't quite figure out how to configure it. To be honest, I didn't give it much of a chance before I moved on to the next thing, so if you've had good luck then I should probably give it another shot. I did flip through sshd_config, but as far as I can tell it is only possible to limit the number of concurrent connections. It might take a little longer, but I'm concerned it would still allow a malicious individual to sequentially brute-force a password. Thanks for all the responses. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002e01cc7717$3e362230$baa26690$>