From owner-freebsd-questions@FreeBSD.ORG  Sat Jun 20 11:55:54 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 342A827F
 for <freebsd-questions@hub.freebsd.org>; Sat, 20 Jun 2015 11:55:54 +0000 (UTC)
 (envelope-from mail@ozzmosis.com)
Received: from homiemail-a115.g.dreamhost.com (sub5.mail.dreamhost.com
 [208.113.200.129])
 by mx1.freebsd.org (Postfix) with ESMTP id 192862F9
 for <freebsd-questions@freebsd.org>; Sat, 20 Jun 2015 11:55:53 +0000 (UTC)
 (envelope-from mail@ozzmosis.com)
Received: from homiemail-a115.g.dreamhost.com (localhost [127.0.0.1])
 by homiemail-a115.g.dreamhost.com (Postfix) with ESMTP id 6C8F44E4E;
 Sat, 20 Jun 2015 04:55:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=ozzmosis.com; h=date:from
 :to:cc:subject:message-id:references:mime-version:content-type
 :in-reply-to; s=ozzmosis.com; bh=jC6cmiuiDiYPISUbIY4EW7PrV+I=; b=
 ZkBs/fmds6kOPvwmkA3J3naP6l0mghyqFQ8AtkK6FhMoBhyb3geuONjVRMpkNScj
 neTRcpR7iWUrVuUfe2N22J2TkDmZMwhUTa2UHdZ3hQpOvmlsEiLdto27pcs060Ad
 MRWTQSdh6k2FJhOer2ey8bm2jQd7R2c1wTCKXMZku8w=
Received: from blizzard.ozzmosis.com (unknown [203.217.88.246])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 (Authenticated sender: relay@ozzmosis.com)
 by homiemail-a115.g.dreamhost.com (Postfix) with ESMTPSA id 19ECD4E40;
 Sat, 20 Jun 2015 04:55:47 -0700 (PDT)
Received: by blizzard.ozzmosis.com (Postfix, from userid 1001)
 id A87ECB59; Sat, 20 Jun 2015 21:55:44 +1000 (AEST)
Date: Sat, 20 Jun 2015 21:55:44 +1000
From: andrew clarke <mail@ozzmosis.com>
To: John Holland <jholland@vin-dit.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: denyhosts/pfctl to block repeated logins?
Message-ID: <20150620115544.GA77489@ozzmosis.com>
References: <99DC5CD3-1D40-4A6B-B553-DA2619E942EF@vin-dit.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <99DC5CD3-1D40-4A6B-B553-DA2619E942EF@vin-dit.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Jun 2015 11:55:54 -0000

On Sat 2015-06-20 07:34:50 UTC-0400, John Holland (jholland@vin-dit.org) wrote:

> What is the best tool to use to block repeated login attempts from
> unauthorized hosts?  And for deny hosts, how you unblock someone who
> is legitimate?

"Best tool" is difficult to answer since it depends on your exact
requirements.

Also once an admin finds an IP blocker that works for them, they may
tend to stick with it rather than try all the alternatives.

For blocking unsuccessful ssh logins, sshguard-ipfw works for me.

http://www.sshguard.net/docs/faqs/