From owner-freebsd-questions@FreeBSD.ORG  Wed Nov 28 08:22:36 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 3D5FAB6F
 for <freebsd-questions@freebsd.org>; Wed, 28 Nov 2012 08:22:36 +0000 (UTC)
 (envelope-from freebsd@qeng-ho.org)
Received: from blue.qeng-ho.org (blue.qeng-ho.org [217.155.128.241])
 by mx1.freebsd.org (Postfix) with ESMTP id BB6518FC08
 for <freebsd-questions@freebsd.org>; Wed, 28 Nov 2012 08:22:35 +0000 (UTC)
Received: from fileserver.home.qeng-ho.org (localhost [127.0.0.1])
 by fileserver.home.qeng-ho.org (8.14.5/8.14.5) with ESMTP id qAS8MShX007069;
 Wed, 28 Nov 2012 08:22:28 GMT (envelope-from freebsd@qeng-ho.org)
Message-ID: <50B5C9C4.9060006@qeng-ho.org>
Date: Wed, 28 Nov 2012 08:22:28 +0000
From: Arthur Chance <freebsd@qeng-ho.org>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Aleksandr Miroslav <alexmiroslav@gmail.com>
Subject: Re: denyhosts, fail2ban, or something else?
References: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
In-Reply-To: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2012 08:22:36 -0000

On 11/27/12 22:25, Aleksandr Miroslav wrote:
> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
>
> This is for a FreeBSD 8.x box running pf, btw.

It's probably major overkill and may not fit your needs but this article 
by Colin Percival is an interesting enhancement to the non-standard port 
solution.

http://www.daemonology.net/blog/2012-08-30-protecting-sshd-using-spiped.html