[Sshguard-users] configuration options

[<dt...@gm...>]

I just filled out the survey. Some things I did not see and would really find 
helpful:

   (1) config file used to input/add to/change the regular expressions used to
       trigger blocks

   (2) A good number of attackers figure out the blocking parameters and then
       make a large number of requests at a rate that does not trigger
       blocking. I use sshguard on closed systems (no external users) and open
       systems, so my setting are very different as must (of my) users do not
       use keys and mistype their passwords.

       A nice addition would be a trigger that more than <n> failures per day
       would trigger a block. The duration should also be optional but at
       least a day. It could be <n> attempts on more than <m> users.

And on a much lower priority: a utility to prune the black list. Now I use the 
blacklist only on closed systems.

I have a system sorely in need of updating because of access limitations. On 
that system I have some scripts to sorta do what sshguard does. That system
gets an order (or more) in magnitude more attacks. I look forward to getting 
there and updating that system.


_____
Douglas Denault
http://www.safeport.com
do...@sa...
Voice: 301-217-9220
   Fax: 301-217-9277