Date: Tue, 27 Nov 2012 18:46:17 -0600 (CST)
From: Robert Bonomi
Message-Id: <201211280046.qAS0kHYK005858@mail.r-bonomi.com>
To: alexmiroslav@gmail.com, freebsd-questions@freebsd.org
Subject: Re: denyhosts, fail2ban, or something else?

> From owner-freebsd-questions@freebsd.org Tue Nov 27 16:26:46 2012
> Date: Tue, 27 Nov 2012 17:25:08 -0500
> Subject: denyhosts, fail2ban, or something else?
> From: Aleksandr Miroslav
> To: freebsd-questions@freebsd.org
>
> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.

The single most effective method of reducing such log 'noise' is to run
sshd on a non-standard port. Does NOT provide any added security; DOES
reduce the noise. Virtually _100%_effective_ at noise reduction.

fail2ban is painless to install/configure. Helps with repeat stuff from
the same source. Not much help with 'distributed' sources.
I've used it, found "non-standard port" to be 'good enough for me'.
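
The per-source limitation mentioned in the reply above, as an added example that is not part of the original message: a simplified model of per-IP failure counting (the behaviour that fail2ban's `maxretry` and `findtime` settings configure, not fail2ban's own code), run over constructed sshd log lines. The host name, addresses (documentation ranges), year and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH failure line in syslog format (timestamp carries no year).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def banned_sources(lines, maxretry=3, findtime=timedelta(minutes=10), year=2012):
    """Return source IPs with at least maxretry failures inside findtime."""
    recent = defaultdict(list)  # ip -> failure timestamps still inside the window
    banned = set()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # not an sshd password failure
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # Drop failures older than findtime, then record this one.
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            banned.add(ip)
    return banned

def _line(sec, ip, user="root"):
    # Constructed sample line; "host" and the pid are placeholders.
    return (f"Nov 27 17:00:{sec:02d} host sshd[1234]: "
            f"Failed password for {user} from {ip} port 40000 ssh2")

# Constructed input: five failures from one address ...
REPEAT = [_line(s, "192.0.2.10") for s in range(5)]
# ... versus five failures spread over five addresses.
DISTRIBUTED = [_line(s, f"198.51.100.{s + 1}") for s in range(5)]

if __name__ == "__main__":
    print("repeat source banned:", sorted(banned_sources(REPEAT)))
    print("distributed sources banned:", sorted(banned_sources(DISTRIBUTED)))
```

The same number of failures produces a ban in the first case and none in the second, because each distributed source stays below the per-address threshold.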