Does SSHGuard protect against brute force WebGUI login attempts?

  • Just like the subject question...

    I was unaware of SSHGuard until updating to 2.4.4_1 today and like the sounds of it. Does it also protect the WebGUI from repeated login attempts and/or can it be made to do that?

  • Netgate Administrator

    It was new in 2.4.4.

    Yes it does monitor web logins also:

    Dec  3 22:57:11 apu php-fpm[693]: /index.php: Session timed out for user 'admin' from: (Local Database)
    Dec  3 22:57:37 apu php-fpm[693]: /index.php: webConfigurator authentication error for user 'admin' from:
    Dec  3 22:57:37 apu sshguard[5706]: Attack from "" on service 380 with danger 10.

    There were some additional controls added in 2.4.4p1 for it in System > Advanced > Admin Access.


  • If you're that concerned about brute-force attacks then do the sensible thing and don't expose WebGUI/ssh to WAN. Put it all behind OpenVPN and access it through that.

Log in to reply