Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Blocks SSH brute force attacks using PF

tree: cf9927e52d

Fetching latest commit…

Cannot retrieve the latest commit at this time

README.textile

DenySSH

DenySSH monitors the auth log of a BSD system for failed SSH login attempts and adds repeat attackers to a Packet Filter table, allowing you to define PF rules to block the attacking hosts or redirect them to a honeypot for your amusement.

Attackers are only blocked temporarily to minimize the inconvenience if a false positive occurs. Each consecutive failed login attempt results in the attacking host being blocked for a longer time period. If a successful login occurs, that host’s record is wiped clean and it is given a little more leeway.

DenySSH is written in Ruby and has been tested on FreeBSD (but should work on any BSD with PF support).

Requirements

  • Ruby 1.8.4+
  • Packet Filter

If you’re running a recent version of OpenBSD, FreeBSD, NetBSD, or DragonFlyBSD, you probably already have PF installed. If you’re running Linux, you’re out of luck. Sorry.

Note: DenySSH is no longer actively maintained. Feel free to use it and modify it to meet your needs, but please don’t expect support.

There’s a similar project (named “deny-ssh”) with Linux support here: https://github.com/qrux/deny-ssh

Something went wrong with that request. Please try again.