Date: Thu, 29 Nov 2012 10:25:31 +0100
Subject: Re: denyhosts, fail2ban, or something else?
From: Damien Fleuriot
To: Aleksandr Miroslav
Cc: freebsd-questions@freebsd.org

On 27 November 2012 23:25, Aleksandr Miroslav wrote:
> Finally got sick of seeing tons of ssh break-in attempts in my logs. Am
> considering using denyhosts, or fail2ban. Anyone have any experience
> with these?
>
> I'm already using the AllowUsers facility of ssh to only allow specific
> users in, so I'm not overly concerned about the attempts.
>
> This is for a FreeBSD 8.x box running pf, btw.
>

Since nobody has mentioned it, I'll point you to sshguard.
It integrates with PF or IPFW and does the job.

As for AllowUsers, that's a good thing, I'm doing that as well.
Some might argue that it's overkill, well let me tell you, virtually nothing is overkill when it aims at preventing unauthorized SSH access to your box.
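
The firewall side of the sshguard/PF integration recommended above, as an added example that is not part of the original message: sshguard places offending addresses in a PF table, and pf.conf has to declare that table and block on it. The interface name `em0` is an assumption; the table name and rule follow sshguard's documented PF setup.

```conf
# /etc/pf.conf fragment (constructed example, not from the thread)

# Assumption: em0 is the external interface on this box.
ext_if = "em0"

# Table that sshguard fills with addresses it decides to block.
# "persist" keeps the table in place even while it is empty.
table <sshguard> persist

# Drop SSH connections from listed addresses. Keep this rule ahead of
# any "pass ... quick" rule that would otherwise admit port 22 first.
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
```

After reloading the ruleset with `pfctl -f /etc/pf.conf`, `pfctl -t sshguard -T show` lists the addresses currently in the table.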