From owner-freebsd-questions@freebsd.org  Tue Aug 25 15:29:07 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C37FF99A352
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Tue, 25 Aug 2015 15:29:07 +0000 (UTC)
 (envelope-from amvandemore@gmail.com)
Received: from mail-la0-x229.google.com (mail-la0-x229.google.com
 [IPv6:2a00:1450:4010:c03::229])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48CCAB40
 for <freebsd-questions@freebsd.org>; Tue, 25 Aug 2015 15:29:07 +0000 (UTC)
 (envelope-from amvandemore@gmail.com)
Received: by lalv9 with SMTP id v9so100538471lal.0
 for <freebsd-questions@freebsd.org>; Tue, 25 Aug 2015 08:29:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=2+jEMCF+rYIM9Lo/ohBKstjgMXP6pmx88zvDNxDVlbs=;
 b=y4I4olxqFLuisCXhlYLxubqkaJDYP1KzfGJGCwmMvrIZG5IepKJtg9DylBlSlL/5W/
 kFFhmfxGM+Ym8lC4Dm++1Fm+uZpyjh2Mzq+nWUyX6+5y+58Vw5Lr4pXg7HVwXI8d9jEZ
 XR65sICti73zIDNXBf5Mm4vOQEHEBELnI9zNGjxCl5tlnzrAo48+H1Rs43nJ23J35Prg
 +XeEqMtwzHd9lV8lXxJFCa7Ywx6CXMnQBZam7TPn2u+L8ugdkqNOF7z86DI6lVXELpSX
 0Za/miwngy4LJA0lST1gafLg+DHhi3n2CyfCi7x4JAVl2epe0+zsXpB2jkZtHanXWloc
 FuMw==
MIME-Version: 1.0
X-Received: by 10.112.36.165 with SMTP id r5mr25962454lbj.3.1440516544168;
 Tue, 25 Aug 2015 08:29:04 -0700 (PDT)
Received: by 10.112.149.201 with HTTP; Tue, 25 Aug 2015 08:29:04 -0700 (PDT)
In-Reply-To: <CADV=szV+8qktKSCY4q9khEWfjL-R36Kt+tu5EEDAzcohY0noHQ@mail.gmail.com>
References: <CA+sg5RRppb8-paYnYtL8UMnSfP0ebzUwtM4LLNGayudCwXpyag@mail.gmail.com>
 <20150825162841.b8f840ab.freebsd@edvax.de>
 <1440514692.6714.13.camel@michaeleichorn.com>
 <55DC8527.7000802@buildingonline.com>
 <CADV=szV+8qktKSCY4q9khEWfjL-R36Kt+tu5EEDAzcohY0noHQ@mail.gmail.com>
Date: Tue, 25 Aug 2015 10:29:04 -0500
Message-ID: <CA+tpaK3it_rjN1DmnUtEYEkxpDM1RH6pB2C4C1HKXope_Q+Y1Q@mail.gmail.com>
Subject: Re: Blocking SSH access based on bad logins?
From: Adam Vande More <amvandemore@gmail.com>
To: "Brian W." <brian@brianwhalen.net>
Cc: Dan Busarow <dan@buildingonline.com>, 
 FreeBSD Mailing List <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.20
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Aug 2015 15:29:08 -0000

On Tue, Aug 25, 2015 at 10:22 AM, Brian W. <brian@brianwhalen.net> wrote:

> There is a port called denyhosts that works pretty well. There is a single
> configuration file and you just edit that to what you want. It adds a
> hosts.deniedssh file that it writes data to based on log activity.
>

Technically, you add the /etc/hosts.deniedssh file and that is really just
an arbitrary design.  It could just as well be /etc/hosts.allow for many
setups.

Also denyhosts is still the only blocker which is able to proactively block
known bad hosts(and not by default).  At least is used to work, not sure if
that part still does.

-- 
Adam