Date: Tue, 25 Aug 2015 08:22:31 -0700 From: "Brian W." <brian@brianwhalen.net> To: Dan Busarow <dan@buildingonline.com> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: Blocking SSH access based on bad logins? Message-ID: <CADV=szV%2B8qktKSCY4q9khEWfjL-R36Kt%2Btu5EEDAzcohY0noHQ@mail.gmail.com> In-Reply-To: <55DC8527.7000802@buildingonline.com> References: <CA%2Bsg5RRppb8-paYnYtL8UMnSfP0ebzUwtM4LLNGayudCwXpyag@mail.gmail.com> <20150825162841.b8f840ab.freebsd@edvax.de> <1440514692.6714.13.camel@michaeleichorn.com> <55DC8527.7000802@buildingonline.com>
next in thread | previous in thread | raw e-mail | index | archive | help
There is a port called denyhosts that works pretty well. There is a single configuration file and you just edit that to what you want. It adds a hosts.deniedssh file that it writes data to based on log activity. Brian On Aug 25, 2015 8:15 AM, "Dan Busarow" <dan@buildingonline.com> wrote: > On 8/25/15 8:58 AM, Michael B. Eichorn wrote: > > On Tue, 2015-08-25 at 16:28 +0200, Polytropon wrote: > >> On Tue, 25 Aug 2015 09:16:16 -0400, Jaime Kikpole wrote: > >>> I've noticed a number of SSH login attempts for the username "admin" > >>> on my FreeBSD systems. None of them have a username of "admin". So > >>> I > >>> was wondering if there was a way (even via a port) to tell the > >>> system, > >>> "If an IP tries to login as 'admin', block that IP." > >> > >> I think "fail2ban" is the solution you are searching for. > >> > >> > >> > >>> I'm already using SSHGuard to block certain obvious attempts to break > >>> in. I'm fine with altering its configs or adding/switching to a new > >>> port. > >> > >> You'll find "fail2ban" in the FreeBSD ports collection > >> along with some documentation. It's easy to set up. :-) > > > > I thought SSHGuard and fail2ban were both equally vaild solutions to ssh > > banning. Both use the logged failed attempt and create system level block > > to the offending IP. Am I wrong on this? > > > > I use sshguard on FreeBSD and prefer it. I use fail2ban on the few > Debian boxes I manage. > > Dan > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADV=szV%2B8qktKSCY4q9khEWfjL-R36Kt%2Btu5EEDAzcohY0noHQ>