The security/sshlockout port

sshlockout-0.20190130p0 – protect against brute force attacks on sshd(8)

Description

sshlockout(8) monitors the ssh syslog output and keeps track of
attempts to log in as unknown users as well as preauth failures. If
5 attempts fail in any one-hour period, a permanent entry is added to
the pf(4) table for the associated IP address.
WWW: https://www.dragonflybsd.org/
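
The threshold rule described above, as an added example that is not sshlockout's own code: a per-address sliding one-hour window of failures, run over a constructed sshd log. The log patterns, the sliding-window reading of "any one hour period", and the year attached to the syslog timestamps are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                  # failed attempts, per the port description
WINDOW = timedelta(hours=1)    # "any one hour period", read as a sliding window
# Assumed matcher modelled on common OpenSSH messages, not sshlockout's own.
FAIL = re.compile(
    r"sshd\[\d+\]: (?:Invalid user \S+ from (\S+)"   # login to an unknown user
    r"|.* (\S+) port \d+ \[preauth\]\s*$)")          # preauth failure

def failure_ip(line):
    """Return the source address if the line records a failure, else None."""
    m = FAIL.search(line)
    return (m.group(1) or m.group(2)) if m else None

def locked_out(lines, year=2019):
    """Return addresses in the order they reach THRESHOLD failures in WINDOW."""
    recent = defaultdict(deque)    # address -> failure times still in the window
    blocked = []                   # permanent: an address is never removed
    for line in lines:
        ip = failure_ip(line)
        if ip is None or ip in blocked:
            continue
        # syslog timestamps carry no year; `year` is a constructed value
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # forget failures older than one hour
            q.popleft()
        if len(q) >= THRESHOLD:
            blocked.append(ip)     # where the pf table entry would be added
    return blocked

# Constructed sample log (documentation addresses, hypothetical host "gw")
SAMPLE = """\
Jan 30 10:00:01 gw sshd[4101]: Invalid user admin from 203.0.113.9 port 40110
Jan 30 10:00:05 gw sshd[4102]: Connection closed by 198.51.100.7 port 51000 [preauth]
Jan 30 10:01:10 gw sshd[4103]: Invalid user test from 203.0.113.9 port 40112
Jan 30 10:02:30 gw sshd[4104]: Accepted publickey for alice from 192.0.2.44 port 50000 ssh2
Jan 30 10:03:00 gw sshd[4105]: Invalid user oracle from 203.0.113.9 port 40114
Jan 30 10:04:00 gw sshd[4106]: Disconnected from authenticating user root 203.0.113.9 port 40116 [preauth]
Jan 30 10:05:00 gw sshd[4107]: Invalid user git from 203.0.113.9 port 40118
Jan 30 10:20:00 gw sshd[4108]: Connection closed by 198.51.100.7 port 51002 [preauth]
Jan 30 10:40:00 gw sshd[4109]: Connection closed by 198.51.100.7 port 51004 [preauth]
Jan 30 10:55:00 gw sshd[4110]: Connection closed by 198.51.100.7 port 51006 [preauth]
Jan 30 11:05:00 gw sshd[4111]: Connection closed by 198.51.100.7 port 51008 [preauth]
""".splitlines()
print(locked_out(SAMPLE))
```

198.51.100.7 also fails five times, but the first failure is more than an hour old when the fifth arrives, so it stays below the threshold.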

Readme

+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------

syslogd(8) children run under the _syslogd user, but sshlockout(8)
should be run as root in order to modify its pf(4) table.  doas(1) can
be used to gain back root privileges:

  permit nopass _syslogd as root cmd ${TRUEPREFIX}/sbin/sshlockout


When using doas, the following line is required in /etc/syslog.conf:

  auth.info;authpriv.info | exec /usr/bin/doas -n ${TRUEPREFIX}/sbin/sshlockout -pf lockout


A rule must be added to /etc/pf.conf in order to block addresses within the
default lockout table:

  table <lockout> persist
  block in quick on egress proto tcp from <lockout> to port ssh

Maintainer

The OpenBSD ports mailing-list

Categories

security
