[Sshguard-users] using sshguard to block attempts at hpn enabled publickey only server

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,
I've recently switched some Internet facing machines from
"publickey,keyboard-interactive" to "publickey" only authentication.
On OpenSSH_6.7p1, that is achieved by setting

PasswordAuthentication no

in the sshd config. Server has HPN patches, so full version string
is OpenSSH_6.7p1-hpn14v5. I've noticed that sshguard no longer blocks
bruteforce attempts (like it used to when keyboard-interactive was
enabled). This is what appears in the logs:

Jan  5 10:32:51 pulley sshd[24107]: SSH: Server;Ltype: Version;Remote:
103.41.124.32-48688;Protocol: 2.0;Client: PUTTY
Jan  5 10:32:51 pulley sshd[24107]: SSH: Server;Ltype: Kex;Remote:
103.41.124.32-48688;Enc: aes128-ctr;MAC: hmac-sha1;Comp: none [preauth]
Jan  5 10:32:51 pulley sshd[24105]: SSH: Server;Ltype: Authname;Remote:
103.41.124.29-53907;Name: root [preauth]
Jan  5 10:32:51 pulley sshd[24105]: Received disconnect from 103.41.124.29:
11:  [preauth]

Any ideas on how to achieve blocking in this case?

[Sshguard-users] using sshguard to block attempts at hpn enabled publickey only server

Intelligently block brute-force attacks by aggregating system logs

[Sshguard-users] using sshguard to block attempts at hpn enabled publickey only server