Does SSHGuard protect against brute force WebGUI login attempts?



  • Just like the subject question...

    I was unaware of SSHGuard until updating to 2.4.4_1 today and like the sounds of it. Does it also protect the WebGUI from repeated login attempts and/or can it be made to do that?


  • Netgate Administrator

    It was new in 2.4.4.

    Yes it does monitor web logins also:

    Dec  3 22:57:11 apu php-fpm[693]: /index.php: Session timed out for user 'admin' from: 172.21.16.5 (Local Database)
    Dec  3 22:57:37 apu php-fpm[693]: /index.php: webConfigurator authentication error for user 'admin' from: 172.21.16.5
    Dec  3 22:57:37 apu sshguard[5706]: Attack from "172.21.16.5" on service 380 with danger 10.
    

    There were some additional controls added in 2.4.4p1 for it in System > Advanced > Admin Access.

    Steve



  • If you're that concerned about brute-force attacks then do the sensible thing and don't expose WebGUI/ssh to WAN. Put it all behind OpenVPN and access it through that.