From owner-freebsd-questions@FreeBSD.ORG  Thu Nov 29 09:25:33 2012
In-Reply-To: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
References: <CACcSE1w-iDyzfmAGSGYRA30VBy9DytQCsfKBHr=RGtdqovEvQg@mail.gmail.com>
Date: Thu, 29 Nov 2012 10:25:31 +0100
Message-ID: <CAE63ME5Z_K2ytXYm1hVnoYhO_bfNUS6H9rixKgQrPf_icY5yvw@mail.gmail.com>
Subject: Re: denyhosts, fail2ban, or something else?
From: Damien Fleuriot <ml@my.gd>
To: Aleksandr Miroslav <alexmiroslav@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: freebsd-questions@freebsd.org

On 27 November 2012 23:25, Aleksandr Miroslav <alexmiroslav@gmail.com> wrote:
> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
>
> This is for a FreeBSD 8.x box running pf, btw.
>


Since nobody has mentioned it, I'll point you to sshguard.

It integrates with PF or IPFW and does the job.

As for AllowUsers, that's a good thing, I'm doing that as well.
Some might argue that it's overkill, well let me tell you, virtually
nothing is overkill when it aims at preventing unauthorized SSH access
to your box.