From: Daniel A. <co...@da...> - 2017-08-02 12:45:02
|
On Wed, 2017-08-02 at 09:37 +0200, Ingmar wrote:
> Hey guys,
>
> First message to the mailing list ;).
>
> I've successfully set up sshguard 2.0 on archlinux. I had firewalld
> running and was manually blocking IP's I found repeatedly trying to
> get into ssh. This list had around 1000 IP's in it. As you might
> imagine I was getting really tired of the manual maintenance.
>
> When I was looking into sshguard, the documents page made no mention
> of firewalld support, so I uninstalled it and cleared my iptables
> setup to let sshguard handle it.
>
> Just now, I read there's firewalld support in version 2.0, so my
> question is, can I switch back to firewalld? How do I need to setup
> sshguard.conf to use firewalld instead?

I wrote this tutorial for using SSHGuard with the FirewallD backend. It says “Fedora” on the tin, but that really just refers to a systemd + firewalld environment. It should work for you on Arch as well. It says "Fedora" on the tin, but that really just refers to the systemd+selinux+firewalld technology stack and should work for you on

https://ctrl.blog/entry/how-to-sshguard-firewalld

Please let me know if you have any questions or comments, and I can update the tutorial to answer them.

> Another thing I don't quite get is when I see sshguard blocking
> someone, I see this line:
> Aug 02 09:11:38 hostname sshguard[848]: Blocking "84.137.66.201"
> for 960 secs (3 attacks in 140 secs, after 4 abuses over 1624 secs.).
> I also see a corresponding line with iptables --list, but I don't see
> this being saved to /etc/iptables/iptables.rules file. How is
> sshguard saving its blocks?
>
> When I reboot the server or restart services, it won't retain
> whatever sshguard has blocked so far, so how does this work?

SSHGuard doesn't store blocks permanently by design. Whenever an attacker is detected in the configured time window, it will be blocked for a certain block time. The block time is doubled on subsequent attacks from the same IP address. Restarting SSHGuard resets every block. This prevents your block rules from getting out of hand. (Most attacks don't persist from the same source for more than a couple of days at the most.)

You can actually change this behaviour to a permanent block. Copy the firewalld backend (it’s just a shell script that talks with firewalld) and no-op the release and flush functions. Then add --permanent flags to all the calls to firewalld and reload the firewall afterwards. Have a look at the script, and you should be able to work it out in five minutes.

> Last but not least, I see some sshguard blocks being resolved to
> hostnames in iptables --list. How can I prevent it from doing that?
> I want it to block IP's, because there are dynamic DNS entries in
> there and others are just DSL/home internet lines that constantly
> change anyway. Besides that, it also takes time to try and do reverse
> lookups all the time, especially if they can't be resolved and wait
> for timeouts so I rather have sshguard just use IP addresses.

This shouldn’t be a problem with a smaller blocklist. A local DNS cache such as dnsmasq would also all but eliminate this problem. Again, you can modify the backend script and resolve to IP addresses before injecting the rules into firewalld. I’m somewhat surprised that you’re seeing hostnames, actually. Please retest.

> Thanks for this tool! Hopefully someone can help me here.

I hope this helps! Let us know if you run into any problems!

--
Daniel Aleksandersen
SSHGuard contributor
https://daniel.priv.no |
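The threshold, time window and doubling block time described in the reply above, as a simplified model added here (it is not SSHGuard's own code and not part of the original message). It assumes the -a 30, -p 120 and -s 1800 settings and the "danger 10" score quoted elsewhere in this thread; the log lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Settings as they appear on the sshg-blocker command line quoted in this
# thread: -a 30 (threshold), -p 120 (first block, seconds), -s 1800 (window).
THRESHOLD, BASE_BLOCK, WINDOW = 30, 120, 1800
DANGER = 10  # "with danger 10" in the log lines quoted in this thread

# Two sshd message shapes counted as attacks (assumption: a small subset of
# what the real parser recognises).
ATTACK_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?:fatal: Unable to negotiate with|Failed password for .+ from) "
    r"(?P<ip>[0-9A-Fa-f:.]+) port \d+"
)


def parse_attacks(lines, year=2017):
    """Return sorted (seconds_since_new_year, ip) for each attack line.

    Syslog timestamps carry no year, so one is supplied by the caller.
    """
    events = []
    for line in lines:
        m = ATTACK_RE.match(line)
        if m is None:
            continue  # not an attack signature, e.g. a successful login
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((int((when - datetime(year, 1, 1)).total_seconds()), m["ip"]))
    return sorted(events)


def block_seconds(abuse_count):
    """Length of the n-th block of one address: doubled on every repeat."""
    return BASE_BLOCK * 2 ** (abuse_count - 1)


def simulate(events):
    """Return (time, ip, block_seconds, abuse_count) for every block decided."""
    recent = defaultdict(list)  # ip -> attack times still inside the window
    abuses = defaultdict(int)   # ip -> blocks issued so far (lost on restart)
    blocked_until = {}          # ip -> time at which the current block ends
    blocks = []
    for t, ip in events:
        if t < blocked_until.get(ip, 0):
            continue  # address is already blocked; nothing new to decide
        recent[ip] = [a for a in recent[ip] if t - a <= WINDOW] + [t]
        if len(recent[ip]) * DANGER >= THRESHOLD:
            abuses[ip] += 1
            duration = block_seconds(abuses[ip])
            blocked_until[ip] = t + duration
            blocks.append((t, ip, duration, abuses[ip]))
            recent[ip].clear()
    return blocks


def _kex_line(ts, ip):
    """Build one constructed sshd key-exchange failure line."""
    return (f"{ts} host sshd[100]: fatal: Unable to negotiate with {ip} "
            "port 50000: no matching key exchange method found. "
            "Their offer: diffie-hellman-group1-sha1 [preauth]")


# Constructed sample: one address hammering the server, one probing slowly.
SAMPLE_LOG = [
    _kex_line("May 26 01:00:00", "198.51.100.9"),
    _kex_line("May 26 01:40:00", "198.51.100.9"),
    "May 26 01:45:00 host sshd[200]: Accepted publickey for alice "
    "from 192.0.2.10 port 40000 ssh2",
    _kex_line("May 26 01:50:05", "203.0.113.7"),
    _kex_line("May 26 01:50:06", "203.0.113.7"),
    _kex_line("May 26 01:50:07", "203.0.113.7"),  # third hit: blocked 120 s
    _kex_line("May 26 01:51:00", "203.0.113.7"),  # arrives during the block
    _kex_line("May 26 01:55:00", "203.0.113.7"),
    _kex_line("May 26 01:55:01", "203.0.113.7"),
    _kex_line("May 26 01:55:02", "203.0.113.7"),  # repeat offender: 240 s
    _kex_line("May 26 02:20:00", "198.51.100.9"),  # hits 40 min apart
]

if __name__ == "__main__":
    for t, ip, secs, n in simulate(parse_attacks(SAMPLE_LOG)):
        print(f"t={t} block {ip} for {secs} secs (abuse #{n})")
```

With these settings the fourth block of one address lasts 960 seconds, which is the figure in the "Blocking" log line quoted in the question; the slow prober is never blocked because its hits fall outside the 1800-second window.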
From: Injo <sou...@pr...> - 2017-08-02 07:54:09
|
Hey guys,

First message to the mailing list ;).

I've successfully set up sshguard 2.0 on archlinux. I had firewalld running and was manually blocking IP's I found repeatedly trying to get into ssh. This list had around 1000 IP's in it. As you might imagine I was getting really tired of the manual maintenance.

When I was looking into sshguard, the documents page made no mention of firewalld support, so I uninstalled it and cleared my iptables setup to let sshguard handle it.

Just now, I read there's firewalld support in version 2.0, so my question is, can I switch back to firewalld? How do I need to setup sshguard.conf to use firewalld instead?

Another thing I don't quite get is when I see sshguard blocking someone, I see this line:

> Aug 02 09:11:38 hostname sshguard[848]: Blocking "84.137.66.201" for
> 960 secs (3 attacks in 140 secs,
> after 4 abuses over 1624 secs.). I also see a corresponding line with
> iptables --list, but I don't see this being saved to
> /etc/iptables/iptables.rules file. How is sshguard saving its blocks?
> When I reboot the server or restart services, it won't retain whatever
> sshguard has blocked so far, so how does this work?

Last but not least, I see some sshguard blocks being resolved to hostnames in iptables --list. How can I prevent it from doing that? I want it to block IP's, because there are dynamic DNS entries in there and others are just DSL/home internet lines that constantly change anyway. Besides that, it also takes time to try and do reverse lookups all the time, especially if they can't be resolved and wait for timeouts so I rather have sshguard just use IP addresses.

Thanks for this tool! Hopefully someone can help me here.

Regards,
Ingmar. |
From: Jos C. <ssh...@cl...> - 2017-07-25 14:31:12
|
Dear team,

Just to let you know that the update on v2.0.0 was introduced as sshguard-2.0.0 but actually was sshguard-2.0.0_1

For what I could check, the update was executed without any issue. Also thanks for documenting via UPDATING.

Keep up the good work,
Jos Chrispijn

--
With both feed on the ground you will never make a step forward |
From: Kevin Z. <kev...@gm...> - 2017-07-21 20:08:43
|
On 07/21/2017 07:32, Jos Chrispijn wrote:
> Jul 21 16:26:29 ares kernel: Jul 21 16:26:29 ares sshguard[60128]:
> Attack from "58.19.14.52" on service 260 with danger 10.
> Jul 21 16:26:29 ares kernel: Jul 21 16:26:29 ares sshguard[68586]:
> Attack from "58.19.14.52" on service 260 with danger 10.
> Jul 21 16:26:29 ares sshguard[9447]: 58.19.14.52 has already been blocked

The first two lines are printed while SSHGuard parses log messages. The third is when SSHGuard actually tries to block the offenders, and realizes that it's already been blocked.

> In my opinion the third line should be the first line as that was a fact
> before the ip in the first line entered my location?
> With that, both current first lines are to rule out (unnecessary
> information as the ip was blocked anyway)?

I agree that this is a little confusing and should probably be fixed.

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
From: Jos C. <ssh...@cl...> - 2017-07-21 19:37:57
|
On 21-7-2017 at 16:32, Jos Chrispijn wrote:
> Perhaps I don't understand.

See that they come from two different systems - maybe not possible to bypass both first.

Thanks,
Jos

--
With both feed on the ground you will never make a step forward |
From: Kevin Z. <kev...@gm...> - 2017-07-21 16:11:27
|
On 07/21/2017 08:41, Christos Chatzaras wrote:
> The problem is that it ignores all changes in sshguard.conf and I think the only change it works is the BACKEND option.

I took a look at the rc.d script in ports. SSHGuard usually looks at sshguard.conf for a list of files to monitor, but lets you override it via the command line using -l arguments.

Here, the rc.d script is *always* setting the '-l' arguments even if you don't have SSHGUARD_WATCH_LOGS set in your rc.conf.

The right thing to do might be to change the rc.d script to avoid setting '-l' arguments if the user left SSHGUARD_WATCH_LOGS empty. Or, if easing the transition isn't important, axing it in favor of the configuration file.

> Then I add back in rc.conf the lines:
>
> sshguard_watch_logs="/var/log/auth.log:/var/log/maillog:/var/log/xferlog"
> sshguard_blacklist=""
>
> and restart sshguard and running "ps -ax | grep sshguard" I get:
>
> 51567 - Is 0:00.00 /bin/sh /usr/local/sbin/sshguard -l /var/log/auth.log -l /var/log/maillog -l /var/log/xferlog -a 30 -p 120 -s 1800 -w /usr/local/etc/sshguard.whitelist -i /var/run/sshguard.pid
> 51569 - S 0:00.00 /usr/local/libexec/sshg-parser
> 51570 - S 0:00.14 /usr/local/libexec/sshg-blocker -a 30 -i /var/run/sshguard.pid -p 120 -s 1800 -w /usr/local/etc/sshguard.whitelist
> 51571 - I 0:00.00 /bin/sh /usr/local/sbin/sshguard -l /var/log/auth.log -l /var/log/maillog -l /var/log/xferlog -a 30 -p 120 -s 1800 -w /usr/local/etc/sshguard.whitelist -i /var/run/sshguard.pid
> 51572 - I 0:00.00 /bin/sh /usr/local/libexec/sshg-fw-ipfw
>
> Is it normal for sshguard process to run 2 times?

That's not sshguard running two times, but actually a subshell of the interpreter running the sshguard script. So the SSHGuard script is correctly being run once, it's just that it spawned a subshell that looks identical to the parent.

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
From: Christos C. <ch...@cr...> - 2017-07-21 16:00:13
|
Hello,

sshguard 2.0 requires /usr/local/etc/sshguard.conf to exist to be able to start sshguard.

My /etc/rc.conf contains:

sshguard_enable="YES"
sshguard_watch_logs="/var/log/auth.log:/var/log/maillog:/var/log/xferlog"
sshguard_blacklist=""

I remove the last 2 lines and keep only:

sshguard_enable="YES"

Then I edit sshguard.conf and replace:

#FILES="/var/log/auth.log /var/log/maillog"

with:

FILES="/var/log/auth.log /var/log/maillog /var/log/xferlog"

The problem is that it ignores all changes in sshguard.conf and I think the only change it works is the BACKEND option.

Then I add back in rc.conf the lines:

sshguard_watch_logs="/var/log/auth.log:/var/log/maillog:/var/log/xferlog"
sshguard_blacklist=""

and restart sshguard and running "ps -ax | grep sshguard" I get:

51567 - Is 0:00.00 /bin/sh /usr/local/sbin/sshguard -l /var/log/auth.log -l /var/log/maillog -l /var/log/xferlog -a 30 -p 120 -s 1800 -w /usr/local/etc/sshguard.whitelist -i /var/run/sshguard.pid
51569 - S 0:00.00 /usr/local/libexec/sshg-parser
51570 - S 0:00.14 /usr/local/libexec/sshg-blocker -a 30 -i /var/run/sshguard.pid -p 120 -s 1800 -w /usr/local/etc/sshguard.whitelist
51571 - I 0:00.00 /bin/sh /usr/local/sbin/sshguard -l /var/log/auth.log -l /var/log/maillog -l /var/log/xferlog -a 30 -p 120 -s 1800 -w /usr/local/etc/sshguard.whitelist -i /var/run/sshguard.pid
51572 - I 0:00.00 /bin/sh /usr/local/libexec/sshg-fw-ipfw

Is it normal for sshguard process to run 2 times?

Kind regards,
Christos Chatzaras |
From: Jos C. <ssh...@cl...> - 2017-07-21 14:32:12
|
Can you tell me what the purpose is of these lines:

--- cut ---
Jul 21 16:26:29 ares kernel: Jul 21 16:26:29 ares sshguard[60128]: Attack from "58.19.14.52" on service 260 with danger 10.
Jul 21 16:26:29 ares kernel: Jul 21 16:26:29 ares sshguard[68586]: Attack from "58.19.14.52" on service 260 with danger 10.
Jul 21 16:26:29 ares sshguard[9447]: 58.19.14.52 has already been blocked
--- cut ---

In my opinion the third line should be the first line as that was a fact before the ip in the first line entered my location?
With that, both current first lines are to rule out (unnecessary information as the ip was blocked anyway)?

Perhaps I don't understand.

regards,
Jos Chrispijn

--
With both feed on the ground you will never make a step forward |
From: Jos C. <ssh...@cl...> - 2017-07-21 13:55:38
|
On 21-7-2017 at 15:04, Jos Chrispijn wrote:
>
> I managed to install sshguard 2.0.0
>
> sshguard-ipfw-1.7.1 is gone and is now sshguard 2.0.0
>
> The only issue I now have is that I cannot retrieve in which file the
> blacklist is filled.
>
> My old blacklist @ /var/db/sshguard/blacklist.db is still existing and
> ip addresses are blocked but not in that file?
>
> Can you tell me where to find that list tab(22)?
>

Found that well of wisdom @ /usr/local/etc/sshguard.conf

It's just a mindswitch comparing with the use of former sshguard-ipfw-xxxxx version

Thanks,
Jos Chrispijn

--
With both feed on the ground you will never make a step forward |
From: Jos C. <ssh...@cl...> - 2017-07-21 13:04:36
|
I managed to install sshguard 2.0.0

sshguard-ipfw-1.7.1 is gone and is now sshguard 2.0.0

The only issue I now have is that I cannot retrieve in which file the blacklist is filled.

My old blacklist @ /var/db/sshguard/blacklist.db is still existing and ip addresses are blocked but not in that file?

Can you tell me where to find that list tab(22)?

thanks,
Jos

On 20-7-2017 at 22:32, Dan McGregor wrote:
> On 2017-07-20 2:08 PM, Kevin Zheng wrote:
>> On 07/20/2017 11:56, Jos Chrispijn wrote:
>>> Just to let you know that something goes wrong with the recent port
>>> update:
>>>
>>> ===> Installing for sshguard-2.0.0
>>> ===> Checking if sshguard already installed
>>> ===> Registering installation for sshguard-2.0.0 as automatic
>>> Installing sshguard-2.0.0...
>>> pkg-static: sshguard-2.0.0 conflicts with sshguard-ipfw-1.7.1 (installs
>>> files into the same place). Problematic file: /usr/local/sbin/sshguard
>>> *** Error code 70
>>>
>>> Stop.
>>> make: stopped in /usr/ports/security/sshguard
>> This is an issue on the port's side. I've CC'd the maintainer.
>>
>> You'll want to uninstall your old sshguard-ipfw using `pkg remove` and
>> then install the new one. Make sure you check the changelog and follow
>> any additional updating instructions.
>>
>> pkg here is getting confused by the different origins (that went away
>> when 2.0 came around). I'm not sure what the best way to solve that is.
>>
>
> I'm not sure of the best way either. I removed the subports (for
> -ipfw, -pf, etc) when 2.0 came around because 2.0 can install more
> than one backend, so perhaps an UPDATING entry to warn users? You'll
> also want to edit the sshguard.conf file in /usr/local/etc/sshguard.conf.

--
With both feed on the ground you will never make a step forward |
From: Jos C. <ssh...@cl...> - 2017-07-21 10:18:50
|
On 20-7-2017 at 20:56, Jos Chrispijn wrote:
>
> Dear team,
>
> Just to let you know that something goes wrong with the recent port
> update:
>
> ===> Installing for sshguard-2.0.0
> ===> Checking if sshguard already installed
> ===> Registering installation for sshguard-2.0.0 as automatic
> Installing sshguard-2.0.0...
> pkg-static: sshguard-2.0.0 conflicts with sshguard-ipfw-1.7.1
> (installs files into the same place). Problematic file:
> /usr/local/sbin/sshguard
> *** Error code 70
>
> Stop.
> make: stopped in /usr/ports/security/sshguard
>
> --- cut ---
>

I think I mixed up two versions here:

I have installed:
sshguard-ipfw-1.7.1 Protect hosts from brute force attacks against ssh and other services using ipfw

and in my ports there is:
/usr/ports/security/sshguard

---

My question is: when announcing a port update of sshguard, would it also imply that an update of sshguard-ipfw will be pending? Or does the installation of sshguard result in an installation of port ssh-ipfw-x.x.x ?

Somewhat confused...
Jos |
From: Jos C. <ssh...@cl...> - 2017-07-21 09:40:37
|
On 20-7-2017 at 22:32, Dan McGregor wrote:
> I'm not sure of the best way either. I removed the subports (for
> -ipfw, -pf, etc) when 2.0 came around because 2.0 can install more
> than one backend, so perhaps an UPDATING entry to warn users? You'll
> also want to edit the sshguard.conf file in /usr/local/etc/sshguard.conf.

Yes, an update about this in UPDATING would be great - also a notification what has/should be changed in the sshguard.conf would be very welcome.

Thanks for your time and expertise,
Jos Chrispijn

--
With both feed on the ground you will never make a step forward |
From: Gary S. <li...@la...> - 2017-07-20 21:39:11
|
I haven't got around to updating, but when you use ports, you have the option to deinstall prior to reinstall. I believe the difference is control files are preserved.

One thing bad (supposedly) about using ports is when you do major OS upgrades, you need to recompile what you built from ports, while in theory packages do not require anything special.

I'm using weasel words because my upgrade from FreeBSD 10 to 11 never worked. I ended up "spinning up a new droplet" for FreeBSD 11 and will eventually copy the old data to the new OS. Unrelated to sshguard, I took advantage of the new VPS to set up let's encrypt and other new features.

From: ssh...@cl...
Sent: July 20, 2017 1:41 PM
To: kev...@gm...
Cc: ssh...@li...; dan...@us...
Subject: Re: [SSHGuard-users] Port update failed

On 20-7-2017 at 22:08, Kevin Zheng wrote:
> On 07/20/2017 11:56, Jos Chrispijn wrote:
>> Just to let you know that something goes wrong with the recent port update:
>>
>> ===> Installing for sshguard-2.0.0
>> ===> Checking if sshguard already installed
>> ===> Registering installation for sshguard-2.0.0 as automatic
>> Installing sshguard-2.0.0...
>> pkg-static: sshguard-2.0.0 conflicts with sshguard-ipfw-1.7.1 (installs
>> files into the same place). Problematic file: /usr/local/sbin/sshguard
>> *** Error code 70
>>
>> Stop.
>> make: stopped in /usr/ports/security/sshguard
> This is an issue on the port's side. I've CC'd the maintainer.

Thanks - let me know if there may follow a work around so that we don't have to reinstall.

regards,
Jos

--
With both feed on the ground you will never make a step forward |
From: Jos C. <ssh...@cl...> - 2017-07-20 20:41:40
|
On 20-7-2017 at 22:08, Kevin Zheng wrote:
> On 07/20/2017 11:56, Jos Chrispijn wrote:
>> Just to let you know that something goes wrong with the recent port update:
>>
>> ===> Installing for sshguard-2.0.0
>> ===> Checking if sshguard already installed
>> ===> Registering installation for sshguard-2.0.0 as automatic
>> Installing sshguard-2.0.0...
>> pkg-static: sshguard-2.0.0 conflicts with sshguard-ipfw-1.7.1 (installs
>> files into the same place). Problematic file: /usr/local/sbin/sshguard
>> *** Error code 70
>>
>> Stop.
>> make: stopped in /usr/ports/security/sshguard
> This is an issue on the port's side. I've CC'd the maintainer.
>

Thanks - let me know if there may follow a work around so that we don't have to reinstall.

regards,
Jos

--
With both feed on the ground you will never make a step forward |
From: Dan M. <dan...@us...> - 2017-07-20 20:33:04
|
On 2017-07-20 2:08 PM, Kevin Zheng wrote:
> On 07/20/2017 11:56, Jos Chrispijn wrote:
>> Just to let you know that something goes wrong with the recent port update:
>>
>> ===> Installing for sshguard-2.0.0
>> ===> Checking if sshguard already installed
>> ===> Registering installation for sshguard-2.0.0 as automatic
>> Installing sshguard-2.0.0...
>> pkg-static: sshguard-2.0.0 conflicts with sshguard-ipfw-1.7.1 (installs
>> files into the same place). Problematic file: /usr/local/sbin/sshguard
>> *** Error code 70
>>
>> Stop.
>> make: stopped in /usr/ports/security/sshguard
> This is an issue on the port's side. I've CC'd the maintainer.
>
> You'll want to uninstall your old sshguard-ipfw using `pkg remove` and
> then install the new one. Make sure you check the changelog and follow
> any additional updating instructions.
>
> pkg here is getting confused by the different origins (that went away
> when 2.0 came around). I'm not sure what the best way to solve that is.
>

I'm not sure of the best way either. I removed the subports (for -ipfw, -pf, etc) when 2.0 came around because 2.0 can install more than one backend, so perhaps an UPDATING entry to warn users? You'll also want to edit the sshguard.conf file in /usr/local/etc/sshguard.conf. |
From: Kevin Z. <kev...@gm...> - 2017-07-20 20:08:52
|
On 07/20/2017 11:56, Jos Chrispijn wrote:
> Just to let you know that something goes wrong with the recent port update:
>
> ===> Installing for sshguard-2.0.0
> ===> Checking if sshguard already installed
> ===> Registering installation for sshguard-2.0.0 as automatic
> Installing sshguard-2.0.0...
> pkg-static: sshguard-2.0.0 conflicts with sshguard-ipfw-1.7.1 (installs
> files into the same place). Problematic file: /usr/local/sbin/sshguard
> *** Error code 70
>
> Stop.
> make: stopped in /usr/ports/security/sshguard

This is an issue on the port's side. I've CC'd the maintainer.

You'll want to uninstall your old sshguard-ipfw using `pkg remove` and then install the new one. Make sure you check the changelog and follow any additional updating instructions.

pkg here is getting confused by the different origins (that went away when 2.0 came around). I'm not sure what the best way to solve that is.

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
From: Jos C. <ssh...@cl...> - 2017-07-20 19:13:46
|
Dear team,

Just to let you know that something goes wrong with the recent port update:

===> Installing for sshguard-2.0.0
===> Checking if sshguard already installed
===> Registering installation for sshguard-2.0.0 as automatic
Installing sshguard-2.0.0...
pkg-static: sshguard-2.0.0 conflicts with sshguard-ipfw-1.7.1 (installs files into the same place). Problematic file: /usr/local/sbin/sshguard
*** Error code 70

Stop.
make: stopped in /usr/ports/security/sshguard

--- cut ---

Can you tell me how to solve? Thanks!

Keep up the good work,
Jos Chrispijn

--
With both feed on the ground you will never make a step forward |
From: Jos C. <ssh...@cl...> - 2017-07-20 19:10:32
|
Dear team,

Just to let you know that something goes wrong with the recent port update:

===> Installing for sshguard-2.0.0
===> Checking if sshguard already installed
===> Registering installation for sshguard-2.0.0 as automatic
Installing sshguard-2.0.0...
pkg-static: sshguard-2.0.0 conflicts with sshguard-ipfw-1.7.1 (installs files into the same place). Problematic file: /usr/local/sbin/sshguard
*** Error code 70

Stop.
make: stopped in /usr/ports/security/sshguard

--- cut ---

Can you tell me how to solve? Thanks!

Keep up the good work,
Jos Chrispijn

--
With both feed on the ground you will never make a step forward |
From: Kevin Z. <kev...@gm...> - 2017-06-07 19:44:55
|
On 06/07/2017 11:38, jungle Boogie wrote:
> Hi All,
>
> Is there any reason the website still shows to configure with a
> specific firewall?
> https://www.sshguard.net/docs/setup/compile-install/
>
> I'm pretty sure 2.0 did away with this need.

We're slow at updating documentation on the website. See INSTALL.rst for updated install documentation. There's not really anything new there.

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
From: jungle B. <jun...@gm...> - 2017-06-07 18:38:42
|
Hi All,

Is there any reason the website still shows to configure with a specific firewall?
https://www.sshguard.net/docs/setup/compile-install/

I'm pretty sure 2.0 did away with this need.

--
-------
inum: 883510009027723
sip: jun...@si... |
From: <li...@la...> - 2017-05-30 08:02:45
|
This looks perfect. Perhaps the IPs that weren't being blocked had hits too far apart. The attacker is a Google Cloud service. Lovely...

May 26 01:50:05 theranch sshd[86071]: fatal: Unable to negotiate with 104.154.221.11 port 54157: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 26 01:50:06 theranch sshd[86073]: fatal: Unable to negotiate with 104.154.221.11 port 54297: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 26 01:50:07 theranch sshd[86075]: fatal: Unable to negotiate with 104.154.221.11 port 54438: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
May 26 01:50:07 theranch sshguard[703]: blacklist: added 104.154.221.11 |
From: <li...@la...> - 2017-05-28 03:31:19
|
On Thu, 25 May 2017 20:33:33 -0700 Kevin Zheng <kev...@gm...> wrote:
> On 05/25/2017 18:22, li...@la... wrote:
> > I can't find the location of sshg-parser. The program isn't in my
> > search path and I have looked in the obvious places. On FreeBSD,
> > sshguard is located in /usr/local/sbin.
> >
> > Once I have sshg-parser, I will feed it an archived log.
>
> /usr/local/libexec/sshg-parser
>
> You should be running the same version I am; I don't know what
> discrepancy there might be.
>

Now I am getting a trigger. I don't know why I didn't get one the other time I mimicked your echo then pipe.

I think the ultimate test would be to create a new user, then a key that I won't put on the server, then try logging into the server. I'll do the test from public wifi so I don't lock myself out.

However, what do I do to prevent sshguard from permanently blocking IP addresses? My ipfw list is over 3000 hits. I was thinking of flushing it, but I don't know if sshguard maintains a database of hits or just checks table 22. |
From: Kevin Z. <kev...@gm...> - 2017-05-27 17:22:52
|
On 05/26/2017 01:16, li...@la... wrote:
> How do I see the attack? I don't see an entry doing a tail of auth.log.

If you run sshg-parser by itself and pipe your log to it, you should get a line of output for each attack it detects. If there is no output, an attack wasn't detected.

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
From: <li...@la...> - 2017-05-26 08:16:55
|
On Thu, 25 May 2017 18:22:01 -0700 li...@la... wrote:
> I can't find the location of sshg-parser. The program isn't in my
> search path and I have looked in the obvious places. On FreeBSD,
> sshguard is located in /usr/local/sbin.
>
> Once I have sshg-parser, I will feed it an archived log.
>
>
>
>
> Original Message
> From: Kevin Zheng
> Sent: Thursday, May 25, 2017 5:33 PM
> To: ssh...@li...
> Subject: Re: [SSHGuard-users] key exchange ssh not being blocked
>
> On 05/25/2017 17:04, li...@la... wrote:
> > sshguard 1.7 is not catching key exchange ssh hacks. The number of
> > fools attempting such a hack is small, but some are persistent. I've
> > been blocking them by hand.
>
> I can't reproduce your issue. Specifically, I checked out the 1.7.1
> sshg-parser and ran:
>
> $ echo "May 24 20:37:06 theranch sshd[60250]: fatal: Unable to
> negotiate with 172.81.185.192 port 50267: no matching key exchange
> method found. Their offer: diffie-hellman-group1-sha1 [preauth]" |
> sshg-parser
>
> And got an attack.
>

How do I see the attack? I don't see an entry doing a tail of auth.log. |
From: Kevin Z. <kev...@gm...> - 2017-05-26 03:33:37
|
On 05/25/2017 18:22, li...@la... wrote:
> I can't find the location of sshg-parser. The program isn't in my search path and I have looked in the obvious places. On FreeBSD, sshguard is located in /usr/local/sbin.
>
> Once I have sshg-parser, I will feed it an archived log.

/usr/local/libexec/sshg-parser

You should be running the same version I am; I don't know what discrepancy there might be.

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090 |