From owner-freebsd-questions@FreeBSD.ORG Wed Nov 28 08:22:36 2012 Return-Path: <owner-freebsd-questions@FreeBSD.ORG> Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3D5FAB6F for <freebsd-questions@freebsd.org>; Wed, 28 Nov 2012 08:22:36 +0000 (UTC) (envelope-from freebsd@qeng-ho.org) Received: from blue.qeng-ho.org (blue.qeng-ho.org [217.155.128.241]) by mx1.freebsd.org (Postfix) with ESMTP id BB6518FC08 for <freebsd-questions@freebsd.org>; Wed, 28 Nov 2012 08:22:35 +0000 (UTC) Received: from fileserver.home.qeng-ho.org (localhost [127.0.0.1]) by fileserver.home.qeng-ho.org (8.14.5/8.14.5) with ESMTP id qAS8MShX007069; Wed, 28 Nov 2012 08:22:28 GMT (envelope-from freebsd@qeng-ho.org) Message-ID: <50B5C9C4.9060006@qeng-ho.org> Date: Wed, 28 Nov 2012 08:22:28 +0000 From: Arthur Chance <freebsd@qeng-ho.org> User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: Aleksandr Miroslav <alexmiroslav@gmail.com> Subject: Re: denyhosts, fail2ban, or something else? References: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com> In-Reply-To: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions <freebsd-questions.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions> List-Post: <mailto:freebsd-questions@freebsd.org> List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=subscribe> X-List-Received-Date: Wed, 28 Nov 2012 08:22:36 -0000 On 11/27/12 22:25, Aleksandr Miroslav wrote: > Finally got sick of seeing tons of ssh break-in attempts in my logs. Am > considering using denyhosts, or fail2ban. Anyone have any experience > with these? > > I'm already using the AllowUsers facility of ssh to only allow specific > users in, so I'm not overly concerned about the attempts. > > This is for a FreeBSD 8.x box running pf, btw. It's probably major overkill and may not fit your needs but this article by Colin Percival is an interesting enhancement to the non-standard port solution. http://www.daemonology.net/blog/2012-08-30-protecting-sshd-using-spiped.html