GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
SSHGUARD(8) SSHGuard Manual SSHGUARD(8)

sshguard - block brute-force attacks by aggregating system logs

sshguard [-hv] [-a threshold] [-b threshold:blacklist_file] [-i pidfile] [-p blocktime] [-s detection_time] [-w address | whitelist_file] [file ...]

sshguard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of several firewall backends.

sshguard can monitor log files. Log messages are parsed line-by-line for recognized patterns. An attack is detected when several patterns are matched in a set time interval. Attackers are blocked temporarily but can also be semi-permanently banned using the blacklist option.

-a threshold (default 30)
Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
-b threshold:blacklist_file
Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
-i pidfile
Write the PID of sshguard to pidfile.
-p blocktime (default 120)
Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.

sshguard unblocks attacks at random intervals, so actual block times will be longer.

-s detection_time (default 1800)
Remember potential attackers for up to detection_time seconds before resetting their score.
[-w address | whitelist_file]
Whitelist a single address, hostname, or address block given as address. This option can be given multiple times. Alternatively, provide an absolute path to a whitelist_file containing addresses to whitelist. See WHITELISTING.
-h
Print usage information and exit.
-v
Print version information and exit.

SSHGUARD_DEBUG
Set to enable verbose output from sshg-blocker.

%PREFIX%/etc/sshguard.conf
See sample configuration file.

Whitelisted addresses are never blocked. Addresses can be specified on the command line or be stored in a file.

On the command line, give the -w option one or more times with an IP address, CIDR address block, or hostname as an argument. Hostnames are resolved once at startup. If a hostname resolves to multiple addresses, all of them are whitelisted. For example:

sshguard -w 192.168.1.10 -w 192.168.0.0/24 -w friend.example.com
    -w 2001:0db8:85a3:0000:0000:8a2e:0370:7334
    -w 2002:836b:4179::836b:0000/126


If the argument to -w begins with a forward slash ('/') or dot ('.'), the argument is treated as the path to a whitelist file.

The whitelist file contains comments (lines beginning with '#'), addresses, address blocks, or hostnames, one per line.

sshguard-setup(7)
May 23, 2019 2.4
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.