• SSHd and SSHGuard logs in pfSense

    General pfSense Questions sshd sshguard
    10
    0 Votes
    10 Posts
    2k Views
    U
    @johnpoz Yes sir they said that I can disable that It is a huge burden off my shoulders
  • 0 Votes
    8 Posts
    2k Views
    GertjanG
    @mtarbox said in sshguard and oddities in the daily system log email: Nothing is hammering on the logs Most probably because it isn't the 'ssh' server that hammers itself. Some other process still keeps on going on port 22, but doesn't know that the ones living there has moved. So sshguard won't see the warning messages from the ssh server in the logs and doesn't add its own. Nothing in the logs doesn't mean nothing is happening. If there is a rogue ssh client running somewhere, it should be detected and be accounted for. wireshark on interface LAN host adresses "192.168.2.1" TCP port 22" and see what pops up. Try all the interfaces.
  • 0 Votes
    2 Posts
    1k Views
    GertjanG
    @ibbetsion said in sshguard complaining about an attack from the pfSense system itself?: 192.168.1.2 is assigned IP of the pfSense firewall from my ISP router. It is the only device connected to the ISP router This is a WAN interface ... 192.168.7.1 is the IP of the pfSense firewall itself (WAN1) Another WAN interface ... 192.168.5.2 is the assigned IP of the second WAN port on the pfSense firewall (WAN2) And another WAN interface ... No LAN(s) ? Remove all rules on all WAN interfaces. The default action will be block all (DROP) - so sshguard won't be bothered again.