Denyhosts to protect SSH service from bruteforce attacks in FreeBSD

10-12-2008, Lars Sommer, [email protected]

Install the port security/denyhosts

Add to /etc/rc.conf

denyhosts_enable=”YES”
syslogd_flags=”-c”

Add to /etc/hosts.allow

sshd : /etc/hosts.deniedssh : deny
sshd : ALL : allow

Add to /usr/local/etc/denyhosts.conf

BLOCK_SERVICE = sshd

touch /etc/hosts.deniedssh
/usr/local/etc/rc.d/denyhosts start