From: Alexei A. <ale...@gm...> - 2025-05-06 13:13:02
Hi! Continuing the saga on this :)

So initially we found this how-to - https://blog.up-link.ro/ssh-security-how-to-block-ssh-brute-force-attacks-with-sshguard/ - however this seems to be too BSD specific, doesn't look like it is applicable anymore.

Current documentation doesn't explicitly mention how to configure ipfilter also - https://www.sshguard.net/docs/sshguard-setup.html#backends

I found this post from 2015 - about sshg-fw wrapper - https://sourceforge.net/p/sshguard/mailman/sshguard-users/thread/558FD077.4040002%40gmail.com/#msg34247782

What is the best way to proceed with this?

Logging is enabled to /var/adm/auth.log and btw port is also non-standard for SSH (but I think this is now supported OK also).

# tail /var/adm/auth.log
May 6 13:09:27 test sshd-session[6430]: [ID 800047 auth.error] error: PAM: Authentication failed for root from ****
May 6 13:09:31 test sshd-session[6430]: [ID 800047 auth.info] Connection closed by authenticating user root **** port 45283 [preauth]
May 6 13:09:38 test sshd-session[6434]: [ID 800047 auth.info] Connection closed by authenticating user root **** port 33144 [preauth]
May 6 13:09:45 test sshd-session[6436]: [ID 800047 auth.error] error: PAM: Authentication failed for root from ****
May 6 13:09:46 test last message repeated 1 time
May 6 13:09:46 test sshd-session[6436]: [ID 800047 auth.info] Postponed keyboard-interactive for root from **** port 52220 ssh2 [preauth]
May 6 13:09:46 test sshd-session[6436]: [ID 800047 auth.error] error: PAM: Authentication failed for root from ****
May 6 13:09:47 test sshd-session[6436]: [ID 800047 auth.info] Failed password for root from **** port 52220 ssh2
May 6 13:09:47 test last message repeated 1 time
May 6 13:09:47 test sshd-session[6436]: [ID 800047 auth.error] error: maximum authentication attempts exceeded for root from **** port 52220 ssh2 [preauth]
May 6 13:09:47 test sshd-session[6436]: [ID 800047 auth.info] Disconnecting authenticating user root **** port 52220: Too many authentication failures [preauth]

--
Best regards,
Aleksey Anisimov