Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Tags
    3. sshguard
    Log in to post
    • All categories
    • U

      SSHd and SSHGuard logs in pfSense

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions sshd sshguard
      10
      0 Votes
      10 Posts
      1k Views
      U

      @johnpoz
      Yes sir they said that I can disable that

      It is a huge burden off my shoulders

    • mtarboxM

      sshguard and oddities in the daily system log email

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions sshguard systemlogs
      8
      0 Votes
      8 Posts
      2k Views
      GertjanG

      @mtarbox said in sshguard and oddities in the daily system log email:

      Nothing is hammering on the logs

      Most probably because it isn't the 'ssh' server that hammers itself.
      Some other process still keeps on going on port 22, but doesn't know that the ones living there has moved.
      So sshguard won't see the warning messages from the ssh server in the logs and doesn't add its own.
      Nothing in the logs doesn't mean nothing is happening.

      If there is a rogue ssh client running somewhere, it should be detected and be accounted for.

      wireshark on interface LAN host adresses "192.168.2.1" TCP port 22" and see what pops up.
      Try all the interfaces.

    • gnitingG

      sshguard complaining about an attack from the pfSense system itself?

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions ssh sshguard logs
      2
      0 Votes
      2 Posts
      1k Views
      GertjanG

      @ibbetsion said in sshguard complaining about an attack from the pfSense system itself?:

      192.168.1.2 is assigned IP of the pfSense firewall from my ISP router. It is the only device connected to the ISP router

      This is a WAN interface ...

      192.168.7.1 is the IP of the pfSense firewall itself (WAN1)

      Another WAN interface ...

      192.168.5.2 is the assigned IP of the second WAN port on the pfSense firewall (WAN2)

      And another WAN interface ...

      No LAN(s) ?

      Remove all rules on all WAN interfaces.
      The default action will be block all (DROP) - so sshguard won't be bothered again.