From owner-freebsd-questions@FreeBSD.ORG  Tue Nov 27 23:55:41 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id AACD645E
 for <freebsd-questions@freebsd.org>; Tue, 27 Nov 2012 23:55:41 +0000 (UTC)
 (envelope-from frank@undermydesk.org)
Received: from amazone.undermydesk.org (amazone.undermydesk.org
 [213.211.198.100])
 by mx1.freebsd.org (Postfix) with ESMTP id 5145C8FC13
 for <freebsd-questions@freebsd.org>; Tue, 27 Nov 2012 23:55:40 +0000 (UTC)
Received: from amazone.undermydesk.org (localhost [127.0.0.1])
 by amazone.undermydesk.org (Postfix) with ESMTP id DED6C286F61;
 Wed, 28 Nov 2012 00:49:51 +0100 (CET)
X-Virus-Scanned: amavisd-new at undermydesk.org
Received: from amazone.undermydesk.org ([213.211.198.100])
 by amazone.undermydesk.org (amazone.undermydesk.org [127.0.0.1]) (amavisd-new,
 port 10024)
 with ESMTP id bOK4NxKSk2Yo; Wed, 28 Nov 2012 00:49:49 +0100 (CET)
Received: from [192.168.0.74] (p4FCDD6AB.dip.t-dialin.net [79.205.214.171])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client did not present a certificate)
 by amazone.undermydesk.org (Postfix) with ESMTPSA id A5E63286A66;
 Wed, 28 Nov 2012 00:49:49 +0100 (CET)
Message-ID: <50B55196.7090905@undermydesk.org>
Date: Wed, 28 Nov 2012 00:49:42 +0100
From: Frank Reppin <frank@undermydesk.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Aleksandr Miroslav <alexmiroslav@gmail.com>
Subject: Re: denyhosts, fail2ban, or something else?
References: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
In-Reply-To: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2012 23:55:41 -0000

Hi,

On 27.11.2012 23:25, Aleksandr Miroslav wrote:
[...]
> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
Not sure if letting sshd listen on a different port is an option
for your specific needs... but (at least in my experience) it
significantly cuts down those log entries since probably most of
these attempts are from bots anyways.

HTH,
Frank Reppin

-- 
43rd Law of Computing:
         Anything that can go wr
fortune: Segmentation violation -- Core dumped