Date: Tue, 25 Aug 2015 08:22:31 -0700
Subject: Re: Blocking SSH access based on bad logins?
From: "Brian W."
To: Dan Busarow
Cc: FreeBSD Mailing List

There is a port called denyhosts that works pretty well. There is a single
configuration file and you just edit that to what you want. It adds a
hosts.deniedssh file that it writes data to based on log activity.

Brian

On Aug 25, 2015 8:15 AM, "Dan Busarow" wrote:

> On 8/25/15 8:58 AM, Michael B. Eichorn wrote:
> > On Tue, 2015-08-25 at 16:28 +0200, Polytropon wrote:
> >> On Tue, 25 Aug 2015 09:16:16 -0400, Jaime Kikpole wrote:
> >>> I've noticed a number of SSH login attempts for the username "admin"
> >>> on my FreeBSD systems. None of them have a username of "admin". So I
> >>> was wondering if there was a way (even via a port) to tell the system,
> >>> "If an IP tries to login as 'admin', block that IP."
> >>
> >> I think "fail2ban" is the solution you are searching for.
> >>
> >>> I'm already using SSHGuard to block certain obvious attempts to break
> >>> in. I'm fine with altering its configs or adding/switching to a new
> >>> port.
> >>
> >> You'll find "fail2ban" in the FreeBSD ports collection
> >> along with some documentation. It's easy to set up. :-)
> >
> > I thought SSHGuard and fail2ban were both equally valid solutions to ssh
> > banning. Both use the logged failed attempt and create a system level
> > block to the offending IP. Am I wrong on this?
> >
>
> I use sshguard on FreeBSD and prefer it. I use fail2ban on the few
> Debian boxes I manage.
>
> Dan
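
The rule asked for in this thread ("if an IP tries to log in as 'admin', block that IP") comes down to a log scan like the one below. It is an added example, not part of any message here and not the code of sshguard, fail2ban or denyhosts. The sshd message formats, the `offenders` helper and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Usernames that do not exist on the host; any attempt to use one is hostile.
TRAP_USERS = {"admin"}

# Assumed OpenSSH messages for nonexistent accounts. The username is chosen by
# the remote client, so the match is anchored at the end of the line: the
# address is always the last "from <addr>", never text inside the username.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user|Failed password for invalid user) "
    r"(?P<user>.*) from (?P<addr>\S+)(?: port \d+)?(?: ssh2)?\s*$"
)

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
Aug 25 09:16:01 host sshd[811]: Invalid user admin from 203.0.113.5
Aug 25 09:16:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Aug 25 09:17:10 host sshd[815]: Failed password for alice from 192.0.2.44 port 51812 ssh2
Aug 25 09:18:22 host sshd[820]: Invalid user oracle from 198.51.100.23 port 33211
Aug 25 09:19:40 host sshd[823]: Invalid user admin from 2001:db8::1 port 40000
Aug 25 09:20:05 host sshd[827]: Invalid user admin from 192.0.2.44 from 198.51.100.99 port 40111
""".splitlines()


def offenders(lines, trap_users=TRAP_USERS):
    """Return the source addresses that tried a trap username, IPv4 first."""
    found = set()
    for line in lines:
        m = LINE_RE.search(line)
        # Exact username match only: a mistyped password on a real account
        # (alice above) or a username with embedded text is not a hit.
        if not m or m.group("user") not in trap_users:
            continue
        try:
            found.add(ipaddress.ip_address(m.group("addr")))
        except ValueError:
            continue  # hostname or garbage where an address should be
    return [str(a) for a in sorted(found, key=lambda a: (a.version, a))]


if __name__ == "__main__":
    for addr in offenders(SAMPLE_LOG):
        print(addr)  # feed these to the firewall table or deny file in use
```

The last sample line shows why the address is read from the end of the line: alice's address appears inside the attempted username and must not end up on the block list.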