Date: Tue, 25 Aug 2015 09:09:27 -0600 From: Dan Busarow <dan@buildingonline.com> To: freebsd-questions@freebsd.org Subject: Re: Blocking SSH access based on bad logins? Message-ID: <55DC8527.7000802@buildingonline.com> In-Reply-To: <1440514692.6714.13.camel@michaeleichorn.com> References: <CA%2Bsg5RRppb8-paYnYtL8UMnSfP0ebzUwtM4LLNGayudCwXpyag@mail.gmail.com> <20150825162841.b8f840ab.freebsd@edvax.de> <1440514692.6714.13.camel@michaeleichorn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/25/15 8:58 AM, Michael B. Eichorn wrote: > On Tue, 2015-08-25 at 16:28 +0200, Polytropon wrote: >> On Tue, 25 Aug 2015 09:16:16 -0400, Jaime Kikpole wrote: >>> I've noticed a number of SSH login attempts for the username "admin" >>> on my FreeBSD systems. None of them have a username of "admin". So >>> I >>> was wondering if there was a way (even via a port) to tell the >>> system, >>> "If an IP tries to login as 'admin', block that IP." >> >> I think "fail2ban" is the solution you are searching for. >> >> >> >>> I'm already using SSHGuard to block certain obvious attempts to break >>> in. I'm fine with altering its configs or adding/switching to a new >>> port. >> >> You'll find "fail2ban" in the FreeBSD ports collection >> along with some documentation. It's easy to set up. :-) > > I thought SSHGuard and fail2ban were both equally vaild solutions to ssh > banning. Both use the logged failed attempt and create system level block > to the offending IP. Am I wrong on this? > I use sshguard on FreeBSD and prefer it. I use fail2ban on the few Debian boxes I manage. Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55DC8527.7000802>