Netgate Discussion Forum

    Disable or whitelist sshguard

    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz

      @pfnewb2016 said in Disable or whitelist sshguard:

      believe sshguard is overriding the firewall rules allowing connections to ports 22, 443.

      It's not overriding the rules - the rules still allow you to TALK to the port... sshguard is just blocking you from logging in because of failed login attempts..

      The login protection section in the GUI is pretty straightforward on the settings..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • P
        pfnewb2016 @johnpoz
        last edited by pfnewb2016

        @johnpoz
        Nope, sshguard blocks talking to the port, the webpage doesn't load. This is not a failed login, it happens before that and is documented here. The effect is that sshguard is overriding the Firewall Allow rules. In my case sshguard saw failed logins on snmp and ssh and blocked the source IP from all service ports.

        Re. "Login protection is straightforward": the GUI is simple enough, however:

        1. It's not documented that by default, even with Firewall allow rules in place, it is possible for Login Protection to prevent access to the inside interface on both ssh and https.

        2. There is no GUI that shows IPs currently or previously blocked by Login Protection. The log entry only shows the "attack", not the action or duration. IMO, there should be more logging and it s/b either under Firewall or its own category.

        3. The logs are not under Firewall rules, so when you can't log in from one PC and then go to the firewall logs and don't see the block, it's hard to troubleshoot.

        4. The log entries in General are sourced or labeled sshguard, not Login Protection. This makes it difficult to correlate the sshguard entry with Login Protection, particularly without any pfSense documentation.

        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          You should see logged immediately before the sshguard line what triggered its attack response:

          Jun 24 00:17:49 	php-fpm 	30238 	/index.php: webConfigurator authentication error for user 'admin' from: 172.21.16.5
          Jun 24 00:17:50 	sshguard 	65461 	Attack from "172.21.16.5" on service 380 with danger 10. 
          

          That should only ever be for services on the firewall itself.

          Steve

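The correlation stephenw10 describes above, as an added example that is not part of the original thread: it pairs each sshguard "Attack from" entry with the log line that triggered it and totals the danger score per source IP. The 5-second pairing window, the threshold of 30 (set it to your Login Protection threshold) and every sample line after the first two are assumptions, and the sketch ignores the detection-time expiry of old scores.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout quoted above; only the first two lines are from the thread.
SAMPLE_LOG = """\
Jun 24 00:17:49 \tphp-fpm \t30238 \t/index.php: webConfigurator authentication error for user 'admin' from: 172.21.16.5
Jun 24 00:17:50 \tsshguard \t65461 \tAttack from "172.21.16.5" on service 380 with danger 10.
Jun 24 00:18:02 \tphp-fpm \t30238 \t/index.php: webConfigurator authentication error for user 'admin' from: 172.21.16.5
Jun 24 00:18:03 \tsshguard \t65461 \tAttack from "172.21.16.5" on service 380 with danger 10.
Jun 24 00:18:20 \tphp-fpm \t30238 \t/index.php: webConfigurator authentication error for user 'admin' from: 172.21.16.5
Jun 24 00:18:21 \tsshguard \t65461 \tAttack from "172.21.16.5" on service 380 with danger 10.
Jun 24 00:19:41 \tsshguard \t65461 \tAttack from "192.0.2.10" on service 380 with danger 10.
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+(\d+)\s+(.*)$")
ATTACK_RE = re.compile(r'Attack from "([^"]+)" on service (\d+) with danger (\d+)')

def parse(line):
    """Split one log line into (timestamp, process, message); None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp = "2000 " + " ".join(m.group(1).split())  # the log has no year; 2000 is a placeholder
    return datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m.group(2), m.group(4)

def names_ip(message, ip):
    # Match the whole address so 172.21.16.5 does not also match 172.21.16.50.
    return re.search(r"(?<![\d.])" + re.escape(ip) + r"(?!\d)", message) is not None

def correlate(log_text, threshold=30, window=timedelta(seconds=5)):
    """Return {ip: {danger, services, triggers, reached_threshold}} for sshguard attack lines."""
    recent, report = [], {}
    for rec in filter(None, map(parse, log_text.splitlines())):
        ts, proc, msg = rec
        if proc != "sshguard":
            recent.append(rec)  # candidate trigger lines (php-fpm, sshd, ...)
            continue
        m = ATTACK_RE.search(msg)
        if not m:
            continue
        ip, service, danger = m.group(1), int(m.group(2)), int(m.group(3))
        # Newest earlier line that names this IP inside the window, or None if nothing matches.
        trigger = next((f"{p}: {t}" for s, p, t in reversed(recent)
                        if names_ip(t, ip) and timedelta(0) <= ts - s <= window), None)
        entry = report.setdefault(ip, {"danger": 0, "services": set(), "triggers": []})
        entry["danger"] += danger
        entry["services"].add(service)
        entry["triggers"].append(trigger)
        entry["reached_threshold"] = entry["danger"] >= threshold
    return report
```

A trigger of `None` means no line naming that IP was logged within the window before the attack entry, which is the case worth investigating by hand.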
          • B
            bhagya_jani2277
            last edited by

            I am facing the same problem!!
            Did you find any solutions for it?

            • GertjanG
              Gertjan @bhagya_jani2277
              last edited by

              @bhagya_jani2277 said in Disable or whitelist sshguard:

              I am facing the same problem!!

              What problem ?
              The 'solution' was and still is : stop using wrong login name and/or passwords.

              For SSH login : skip the password login altogether, using a cert login.
              Web login : have the browser remember your password and you'll be ok.

              If some (other) process in your device (pc, portable, etc) is hammering port 22 or 80 or 443 on pfSense, then yes, your device - the IP - will get blocked.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              • B
                bhagya_jani2277 @Gertjan
                last edited by

                @gertjan I am trying to access my pfSense from WAN, but SSHGUARD is blocking both the GUI and SSH ports, and whenever I try to access from WAN it refuses.

                I found this by running the command pfctl -sr, and in the result I found this:

                Sshguard.PNG

                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Those are default rules. They only block you if you've been locked out by entering the wrong credentials enough times.

                  https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#locked-out-by-too-many-failed-login-attempts

                  Steve

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @stephenw10
                    last edited by

                    Why are there 2 threads for the same thing?

                    • B
                      bhagya_jani2277 @johnpoz
                      last edited by

                      @johnpoz I was searching for a solution and saw this post, so I just asked here whether they got the solution or not.

                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Ok, let's continue this in the other thread since this appears unrelated to sshguard.
                        https://forum.netgate.com/topic/160415/having-issues-in-accessing-pfsense-using-ssh

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.