From: "J.D. Bronson"
Date: Fri, 01 Jan 2010 09:28:32 -0600
CC: "freebsd-questions@FreeBSD. ORG"
Subject: Re: Blocking a slow-burning SSH bruteforce
Message-ID: <4B3E14A0.5040609@hanadarko.com>
In-Reply-To: <4B3E1295.9050902@pdconsec.net>

On 1/1/10 9:19 AM, David Rawling wrote:
> Darn.
>
> 1 is out because 22 is the one port that most organisations (including
> mine) allow out of their networks for administering routers.
>
> 2 is unfortunately not an option (as a consultant I do work from many
> networks)
>
> 4 - again I might have to log in any time ...
>
> 3 seems the best approach.
>
> Thanks for your thoughts, it's good to get second opinions.
>
> Dave.

I understand using/needing port 22 opened...but what about another widely
used port..like for Citrix (sp?) or something? - most firewalls have
those ports open.

As far as controlling login time and access, I meant something like this:

# Authentication:
LoginGraceTime 1m
MaxAuthTries 2

# Allow staff access and users no access
AllowGroups staff

-- 
J.D. Bronson
Information Technology
Aurora Health Care - Milwaukee WI
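Added example, not part of the message above or of OpenSSH: a small Python check that reads sshd_config text and reports whether the three settings from the message are in effect in the global section. The function names, the sample text and the thresholds (60 seconds, 2 tries) are assumptions made for illustration.

```python
import re

# Constructed sample: the settings from the message, plus a later duplicate
# MaxAuthTries to show that sshd keeps the first value it reads.
SAMPLE = """\
# Authentication:
LoginGraceTime 1m
MaxAuthTries 2
AllowGroups staff
maxauthtries 6
"""
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def seconds(value):
    """Convert an sshd_config time such as '90', '1m' or '1h30m' to seconds."""
    parts = re.findall(r"(\d+)([smhdw]?)", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def global_settings(text):
    """Map lower-cased keyword -> argument list for the global section."""
    settings = {}
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":          # everything after Match is conditional
            break
        if key == "allowgroups":    # list keywords accumulate across lines
            settings.setdefault(key, []).extend(args)
        else:
            settings.setdefault(key, args)  # first occurrence wins
    return settings

def audit(text, max_grace=60, max_tries=2):
    """Return findings; thresholds are assumptions taken from the message."""
    s = global_settings(text)
    grace = seconds((s.get("logingracetime") or ["120"])[0])  # default 120s
    tries = int((s.get("maxauthtries") or ["6"])[0])          # default 6
    findings = []
    if grace == 0 or grace > max_grace:                       # 0 = no limit
        findings.append(f"LoginGraceTime is {grace}s")
    if tries > max_tries:
        findings.append(f"MaxAuthTries is {tries}")
    if not s.get("allowgroups"):
        findings.append("AllowGroups is not set")
    return findings
```

On a live host, the output of `sshd -T` gives the effective values after defaults are applied and can be fed to the same check.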