Date: Wed, 17 Sep 2008 19:29:43 -0400
From: Greg Larkin <glarkin@FreeBSD.org>
To: "Marc G. Fournier" <scrappy@hub.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Auto blacklist ssh connections ...
Message-ID: <48D192E7.4060208@FreeBSD.org>
In-Reply-To: <14143EECEC1CC52A4BC39AC3@ganymede.hub.org>
References: <14143EECEC1CC52A4BC39AC3@ganymede.hub.org>

Marc G. Fournier wrote:
>
> Does anyone know of a utility that I can use with sshd to auto-block by IP if
> there are more than N failed attempts in a row?
>
> ie:
>
> # grep "Invalid user" /var/log/auth.log| awk '{print $10}' | sort | uniq -c |
> sort -nr
[...]
>
>
> This is for one day ... I'd like to be able to throttle so that after X Invalid
> user attempts, the IP gets blocked ...
>
> Possible?
>

Hi Marc,

Coincidentally, I've been replacing sshit with sshguard (both in ports)
on several servers today. sshguard seems to be more configurable and
supports a number of blocking methods - multiple firewalls as well as
/etc/hosts.deny.

Here's the full documentation: http://sshguard.sourceforge.net/doc/

Hope that helps,
Greg
--
Greg Larkin

http://www.FreeBSD.org/ - The Power To Serve
http://www.sourcehosting.net/ - Ready. Set. Code.
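
The "more than N failed attempts in a row" threshold from the question, as an added example that is not part of the original message and is not sshguard's code: it reads sshd log lines, tracks each address's run of consecutive "Invalid user" lines, and reports the addresses that reached the threshold, without blocking anything. The function names `sample_log` and `offenders` are hypothetical, the log lines are constructed, and the stock OpenSSH "... from ADDR" message layout is assumed.

```shell
#!/bin/sh
# Constructed sample auth.log lines (documentation-range addresses, not real data).
sample_log() {
cat <<'EOF'
Sep 17 10:00:01 host sshd[1001]: Invalid user admin from 192.0.2.10
Sep 17 10:00:03 host sshd[1002]: Invalid user test from 192.0.2.10
Sep 17 10:00:05 host sshd[1003]: Invalid user oracle from 192.0.2.10
Sep 17 10:01:00 host sshd[1004]: Invalid user guest from 198.51.100.7
Sep 17 10:01:30 host sshd[1005]: Accepted publickey for marc from 198.51.100.7 port 50022 ssh2
Sep 17 10:02:00 host sshd[1006]: Invalid user guest from 198.51.100.7
Sep 17 10:02:10 host sshd[1007]: Invalid user info from 198.51.100.7
Sep 17 10:03:00 host sshd[1008]: Invalid user root from 203.0.113.5 port 4242
EOF
}

# offenders THRESHOLD: read sshd log lines on stdin and print "longest_run address"
# for every source whose longest run of consecutive "Invalid user" lines reached
# THRESHOLD. An "Accepted" login from the same address resets that address's run.
offenders() {
  awk -v max="$1" '
    # Address = token after the LAST "from". The user name is chosen by the client
    # and is logged before the real address, so a name containing "from x.x.x.x"
    # must not be able to put another host on the list. A fixed field such as $10
    # shifts with the log layout, so it is not used here.
    function src(   i) {
      for (i = NF - 1; i >= 1; i--) if ($i == "from") return $(i + 1)
      return ""
    }
    /sshd\[[0-9]+\]: Invalid user / {
      ip = src(); if (ip == "") next
      run[ip]++
      if (run[ip] > best[ip]) best[ip] = run[ip]
      next
    }
    /sshd\[[0-9]+\]: Accepted / { ip = src(); if (ip != "") run[ip] = 0 }
    END { for (ip in best) if (best[ip] >= max) print best[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Report addresses with three or more consecutive failures in the sample.
sample_log | offenders 3
```

Against a live log the call would be `offenders 3 < /var/log/auth.log`; the output is a review list, and the blocking itself is what sshguard's firewall or /etc/hosts.deny backends do.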