block the ssh attacks with sshguard




sshguard will do more than ssh now, but for this page ssh is enough!

Get it here: sshguard.sf.net

Make it:

./configure --with-firewall=iptables
make
su -c 'make install'    # plain "su -" would drop you in root's home, away from the source tree

Tweak your syslog (or other logging) configuration so that auth messages are piped to a fifo, then HUP your syslog daemon so it rereads the configuration.

Create an sshguard chain in iptables and add a firewall rule that jumps to it (if that is what you run; pf users are suggested to read the man page :-)

iptables -N sshguard
iptables -A INPUT -p tcp --dport 22 -j sshguard

or if you want to block all attackers on all ports, change the second one to:

iptables -A INPUT -j sshguard

The same rules apply with ip6tables for lucky IPv6 users!

(iptables checks rules in order, so make sure you don't load a default allow rule for the ports you want to use sshguard for before the sshguard rules!)
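One way to check the rule-order warning above, as an added example that is not part of the original page: the function reads `iptables -S INPUT` output on stdin and reports whether an ACCEPT rule lets traffic reach the port before the sshguard jump. The names check_sshguard_order, sample_shadowed and sample_ok are hypothetical, and the sample rulesets are constructed.

```shell
#!/bin/sh
# Added example: checks rule order in `iptables -S INPUT` output read from stdin.
# Exit status: 0 = the sshguard jump is reached first for PORT,
#              1 = an earlier ACCEPT lets PORT traffic skip sshguard,
#              2 = no jump to the sshguard chain covers PORT.
# Simplification (assumption): a rule "covers" PORT only if it is unconditional
# (-A INPUT -j X) or names PORT via --dport/--dports; port ranges are not parsed.
check_sshguard_order() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            target = ""; ports = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            }
            covers = (NF == 4)                 # no match conditions at all
            n = split(ports, p, ",")
            for (k = 1; k <= n; k++) if (p[k] == port) covers = 1
            if (!covers) next
            if (target == "sshguard") { rc = 0; decided = 1; exit }
            if (target == "ACCEPT") { print "bypasses sshguard: " $0; rc = 1; decided = 1; exit }
        }
        END { exit (decided ? rc : 2) }
    '
}

# Constructed sample rulesets (not captured from a real host).
sample_shadowed() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j sshguard
EOF
}

sample_ok() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -j sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# On a live host (as root): iptables -S INPUT | check_sshguard_order 22
```

Rules with other match conditions (interface, source address, connection state) are skipped by this check, so review those by hand.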

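Load it up with either this line in your syslog configuration:

auth.info;authpriv.info    |/usr/local/sbin/sshguard

or, if you pipe through a fifo, create the fifo first:

mkfifo /var/log/sshguard.fifo

then add this line high up in your syslog configuration to split off auth logging:

auth.info;authpriv.info    |/var/log/sshguard.fifo

and finally HUP syslog and start sshguard reading from the fifo:

killall -HUP syslogd
cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard &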



