Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SSH defence

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 7 Posters 3.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dvserg
      last edited by

      Hi
      Yestaday i found in my log this (3 hours spam)

      
      ...
      Nov 23 21:23:35 sshd[73470]: Failed password for invalid user tokyo from 218.108.93.133 port 54308 ssh2
      Nov 23 21:23:35 sshd[73470]: Invalid user tokyo from 218.108.93.133
      Nov 23 21:23:31 sshd[73370]: Failed password for invalid user tokyo from 218.108.93.133 port 54192 ssh2
      Nov 23 21:23:31 sshd[73370]: Invalid user tokyo from 218.108.93.133
      Nov 23 21:23:27 sshd[73273]: Failed password for invalid user tokyo from 218.108.93.133 port 54084 ssh2
      ...
      
      

      Exists SSH defense for blocked sender IP after 3-5 errors?

      SquidGuardDoc EN  RU Tutorial
      Localization ru_PFSense

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        Simplest approach is to move SSH to a non-standard port.

        1 Reply Last reply Reply Quote 0
        • C
          cmb
          last edited by

          This was discussed at length not long ago in this thread.
          http://forum.pfsense.org/index.php/topic,6462.0.html

          SSH is encrypted, pfSense can't tell the difference between failed and successful logins. You need host controls for this. See the linked thread for some good recommendations.

          1 Reply Last reply Reply Quote 0
          • D
            dvserg
            last edited by

            Thanks for replay

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            1 Reply Last reply Reply Quote 0
            • R
              rsw686
              last edited by

              I restrict the access time with a schedule for the rule. Plus for the rule advanced options I limit the maximum new connections per x seconds. Granted this will only work if SSH isn't used by many people at once.

              1 Reply Last reply Reply Quote 0
              • D
                dvserg
                last edited by

                @rsw686:

                I restrict the access time with a schedule for the rule. Plus for the rule advanced options I limit the maximum new connections per x seconds. Granted this will only work if SSH isn't used by many people at once.

                Exellent. This good way too.
                Thanks.

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                1 Reply Last reply Reply Quote 0
                • H
                  heiko
                  last edited by

                  it runs great for a long time!

                  ScreenShot001.jpg
                  ScreenShot001.jpg_thumb

                  1 Reply Last reply Reply Quote 0
                  • L
                    littlejohn
                    last edited by

                    I've used denyhosts before (although not on pfSense)

                    http://denyhosts.sourceforge.net/

                    It's a python script daemon, so I'm not exactly sure what'd be the best bet:

                    rewrite in php?
                    rewrite in C?
                    make a python package for pfSense?

                    Not that I'm volunteering for any of these options!

                    Cheers,
                    Littlejohn

                    1 Reply Last reply Reply Quote 0
                    • D
                      djmizt
                      last edited by

                      Denyhost is available thru pkg_add

                      just note that the package may not install all dependencies - just read the message after the install

                      using it with pfsense and works fine

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.