block the ssh attacks with sshguard

home | blog | Terrible people and places | Covid-19 links | Teh Internet | guest blog |rants | placeholder | political | projects | Gwen and Liam | Citadel patched | Tools | Scouts

It will do more than ssh now, but for now that is enough!

Get it here:

Make it:

./configure --with-firewall=iptables
su -
make install

Tweak your syslog (or other logging) to allow it to pipe to a fifo for auth messages and hup your syslog.

Add a firewall rule to chain to iptables (if that is what you run, pf users are suggested to read the man page :-)

iptables -A INPUT -p tcp --dport 22 -j sshguard
or if you want to block all attackers on all ports, change the second one to:
iptables -A INPUT -j sshguard

ip6tables apply for lucky ipv6 users!

(make sure you don't load a default allow rule for the ports you want to use sshguard for before the sshguard rules!)

Load it up with either:;    |/usr/local/sbin/sshguard

or if you pipe:

mkfifo /var/log/sshguard.fifo;    |/var/log/sshguard.fifo #high up in syslog to split off auth logging.
killall -HUP syslogd
cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard &