
Sshguard protects networked hosts from brute force attacks - edward
http://www.sshguard.net/
======
MichaelGG
So does disabling password auth and using real keys.

My only experience with sshguard is via Google Cloud Platform. For some reason
they enable it by default. Thus it locked me out somehow, making me spend an
extra few hours wondering why SSH stopped working.

If you're that upset about auth logs, put SSH on another port.

~~~
nieve
The big win for me is that it cuts down log noise from ssh brute force
attempts. Used with pf/netfilter you get even less. I'm not sure of getting
FreeBSD nightly security reports that freeze a mail client for a few seconds
as they render and sshguard cuts that down to a manageable block message.

~~~
MichaelGG
So don't log those things or especially don't email them? They're obviously
not providing useful or actionable information. Just seems like the hassle of
getting locked out far outweighs the reduction in a log you're not really
monitoring anyways. And doesn't moving ports also kill that junk traffic?

------
simple10
Anybody know if this is better than fail2ban?

~~~
bradleyland
I wouldn't say better. More of a lighter weight alternative. Fail2ban can do
lots of stuff. You can define fail2ban rules for any service that writes login
failures to a log file. Sshguard, on the other hand, endeavors only to monitor
ssh. This makes it more focused, and therefore smaller.

Whether this is "better" depends on what you need. I don't know about your
systems, but I use fail2ban for protecting several different administrative
systems, so I'd still need it. Thus, I won't be switching. However, if you
only need SSH monitoring, this is worth a close look.
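
The log-watching approach discussed in this thread, counting login failures per source address and flagging addresses that cross a threshold, sketched as an added example; it is not part of the thread and is not sshguard's or fail2ban's code. The log lines, threshold, time window, allowlist parameter and year are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (documentation-range addresses).
SAMPLE_LOG = """\
Mar 10 03:14:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 03:14:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Mar 10 03:14:05 host sshd[812]: Invalid user test from 203.0.113.7 port 40024
Mar 10 03:14:09 host sshd[813]: Failed password for root from 203.0.113.7 port 40025 ssh2
Mar 10 03:20:00 host sshd[820]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Mar 10 03:20:30 host sshd[821]: Accepted publickey for alice from 198.51.100.4 port 51001 ssh2
Mar 10 04:30:00 host sshd[830]: Failed password for root from 192.0.2.9 port 42000 ssh2
Mar 10 05:30:00 host sshd[831]: Failed password for root from 192.0.2.9 port 42001 ssh2
Mar 10 06:30:00 host sshd[832]: Failed password for root from 192.0.2.9 port 42002 ssh2
"""

# Matches the two failure messages used in the sample; captures timestamp and source.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>\S+)")

def find_offenders(log_text, threshold=3, window=timedelta(minutes=10),
                   allowlist=frozenset(), year=2024):
    """Return {ip: time of the failure that crossed the threshold}.

    Syslog timestamps carry no year, so one is assumed. Addresses in
    `allowlist` are never flagged, which avoids locking out a known admin host.
    """
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m or m["ip"] in allowlist or m["ip"] in blocked:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked[m["ip"]] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"would block {ip} (threshold crossed at {when})")
```

Slow attempts spread over hours (192.0.2.9 in the sample) stay under a windowed threshold, and a single mistyped password followed by a successful key login (198.51.100.4) is not flagged.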

