How about SSHGUARD? 09 August 2009 18:30
I've been using SSHGUARD on my FreeBSD server for a while now. My
biggest irritation is that it tends to fill its temp files and can't
recover (can't seem to rename or delete the oldest file, so it blocks
itself). Could be a newer version will fix this, but meantime I just
added a daily cron script. I can live with that.
Here's an excerpt from a recent log:
Aug 7 09:59:18 seshat sshd[85137]: Connection from 202.30.194.25 port 46383
Aug 7 09:59:18 seshat sshd[85137]: Did not receive identification string from 202.30.194.25
Aug 7 10:00:18 seshat sshd[85166]: Connection from 202.30.194.25 port 58082
Aug 7 10:00:19 seshat sshd[85166]: Invalid user lpd from 202.30.194.25
Aug 7 10:00:19 seshat sshd[85166]: Failed password for invalid user lpd from 202.30.194.25 port 58082 ssh2
Aug 7 10:00:20 seshat sshd[85168]: Connection from 202.30.194.25 port 58584
Aug 7 10:00:21 seshat sshd[85168]: Invalid user lpa from 202.30.194.25
Aug 7 10:00:21 seshat sshd[85168]: Failed password for invalid user lpa from 202.30.194.25 port 58584 ssh2
Aug 7 10:00:22 seshat sshd[85170]: Connection from 202.30.194.25 port 58696
Aug 7 10:00:23 seshat sshd[85170]: Invalid user admin from 202.30.194.25
Aug 7 10:00:23 seshat sshd[85170]: Failed password for invalid user admin from 202.30.194.25 port 58696 ssh2
Aug 7 10:00:24 seshat sshd[85172]: Connection from 202.30.194.25 port 59210
Aug 7 10:00:25 seshat sshd[85172]: Invalid user admin from 202.30.194.25
Aug 7 10:00:25 seshat sshguard[81749]: Blocking 202.30.194.25: 4 failures over 6 seconds.
Aug 7 10:00:25 seshat sshd[85172]: Failed password for invalid user admin from 202.30.194.25 port 59210 ssh2
Aug 7 10:00:25 seshat sshd[85175]: refused connect from 202.30.194.25 (202.30.194.25)
Aug 7 10:08:35 seshat sshguard[81749]: Releasing 202.30.194.25 after 490 seconds.
As you can see it's been working pretty well for me. YMMV.
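The "4 failures over 6 seconds" figure in the log above can be reproduced from the sshd lines themselves. The following Python script is an added example, not part of the original post and not sshguard's own code: it counts "Invalid user" lines per source address in a sliding window. The window length, the year, and the line from 192.0.2.10 are assumptions or constructed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 4        # failures before blocking (the "4 failures" in the log)
WINDOW_SECONDS = 60  # assumed look-back window; not stated in the post
YEAR = 2009          # syslog lines carry no year; assumed from the post date

# Only the "Invalid user" line is counted. The "Failed password for invalid
# user" line that follows belongs to the same attempt and would double-count.
INVALID_USER = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user \S+ from (\S+)$"
)

# Lines from the excerpt above, plus one constructed line from 192.0.2.10.
SAMPLE_LOG = """\
Aug 7 09:59:18 seshat sshd[85137]: Did not receive identification string from 202.30.194.25
Aug 7 10:00:19 seshat sshd[85166]: Invalid user lpd from 202.30.194.25
Aug 7 10:00:19 seshat sshd[85166]: Failed password for invalid user lpd from 202.30.194.25 port 58082 ssh2
Aug 7 10:00:20 seshat sshd[85167]: Invalid user test from 192.0.2.10
Aug 7 10:00:21 seshat sshd[85168]: Invalid user lpa from 202.30.194.25
Aug 7 10:00:23 seshat sshd[85170]: Invalid user admin from 202.30.194.25
Aug 7 10:00:25 seshat sshd[85172]: Invalid user admin from 202.30.194.25
"""

def find_blocks(lines, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return (ip, failures, span_seconds, time) for each source that trips the threshold."""
    recent = defaultdict(deque)   # source address -> timestamps of recent failures
    blocks = []
    for line in lines:
        m = INVALID_USER.match(line.strip())
        if not m:
            continue
        stamp, ip = m.groups()
        when = datetime.strptime(f"{YEAR} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")
        seen = recent[ip]
        seen.append(when)
        while (when - seen[0]).total_seconds() > window:
            seen.popleft()        # forget failures older than the window
        if len(seen) >= threshold:
            span = int((when - seen[0]).total_seconds())
            blocks.append((ip, len(seen), span, when.strftime("%H:%M:%S")))
            seen.clear()          # start counting afresh after a block
    return blocks

if __name__ == "__main__":
    for ip, count, span, at in find_blocks(SAMPLE_LOG.splitlines()):
        print(f"{at} would block {ip}: {count} failures over {span} seconds")
```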