SSH Brute Force

Status
Not open for further replies.

MrUnknownEMC

Explorer
Joined
Feb 20, 2016
Messages
55
I have set up SSH to allow me and some trusted family members who know how to use private/public keys as a more secure login method. This was all working pretty well until I checked my log: there are still tons of brute force attempts, but most of them are using user/password, with which they won't be able to get access, as I disabled password authorization and am using SSH keys for each individual and each username, limited to read only. Is there a plugin/script or some form of auto-blocking for these IPs, like 3 attempts and an IP ban? Because I don't want my log to be filled with attempted SSH brute force, and it will also be much more secure.

Thanks
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Use an alternate random port for SSH access.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
PfSense is my preferred choice but Sophos UTM seems to be a popular option as well.
 

ewhac

Contributor
Joined
Aug 20, 2013
Messages
177
I would suggest using bruteblock, but you can't install additional packages inside FreeNAS proper; you can only do that inside jails.

The reason I like bruteblock is that, once a given IP address exceeds the retry attempts, it gets plonked into local packet filter table and any further connections from that IP address are ignored. Achieving this same behavior (block after n failures) is harder to achieve using an external firewall (AFAIK).
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
Yes this can be accomplished via the Snort package in pfSense by adding this line to the wan_suppress rules in the suppress tab in the Snort configuration menu.

Code:
event_filter gen_id 0, sig_id 0, type both, track by_src, count 3, seconds 600
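
Added example, not part of the thread and not bruteblock's or Snort's own code: a minimal sketch of the "block after n failures" logic discussed above, run over sshd log lines, with the 3-in-600-seconds numbers from the post above as defaults. The function name `offenders`, the `year` and `allow` parameters, the two log patterns matched, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One count per failed attempt: "Invalid user" lines, plus "Failed <method>"
# lines for existing accounts. The "Failed ... for invalid user" variant is
# skipped so an attempt against an unknown name is not counted twice.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user \S* from"
    r"|Failed \S+ for (?!invalid user )\S+ from) (\S+)"
)

def offenders(lines, count=3, seconds=600, year=2016, allow=()):
    """Return source IPs with >= count failures inside any `seconds` window."""
    window = timedelta(seconds=seconds)
    allowed = {ipaddress.ip_address(a) for a in allow}  # never block these
    recent = defaultdict(deque)  # source IP -> timestamps still in the window
    blocked = []
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # malformed address or timestamp: skip the line
        if src in allowed or src in blocked:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= count:
            blocked.append(src)
    return [str(ip) for ip in blocked]

# Constructed sample log (documentation address ranges, hypothetical host name)
SAMPLE_LOG = """\
Feb 20 10:00:01 freenas sshd[4101]: Invalid user admin from 203.0.113.7 port 40022
Feb 20 10:00:03 freenas sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Feb 20 10:02:10 freenas sshd[4105]: Failed password for root from 203.0.113.7 port 40031 ssh2
Feb 20 10:03:00 freenas sshd[4109]: Accepted publickey for alice from 198.51.100.20 port 51500 ssh2
Feb 20 10:04:45 freenas sshd[4112]: Invalid user test from 203.0.113.7 port 40040
Feb 20 10:05:00 freenas sshd[4120]: Invalid user pi from 192.0.2.44 port 33001
Feb 20 10:20:00 freenas sshd[4131]: Invalid user pi from 192.0.2.44 port 33050
Feb 20 10:40:00 freenas sshd[4140]: Invalid user pi from 192.0.2.44 port 33090
""".splitlines()
```

The returned list is what would be loaded into a packet filter table; slow scanners that stay under the threshold, like the second address in the sample, are not caught by this kind of rule.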
 

Montel Bahn

Dabbler
Joined
Oct 12, 2015
Messages
40
Newb's assessment..
Use an alternate random port for SSH access.
Sure.. for fun.. but I don't think that will satisfy OP's needs. Mina 1 for You masked troublemaker!

How about bot which port scans? What is the limit of the port?
Poor foreign dude (who wasted much brain power hoping he could trust replier's tone/authenticity/knowledge), based on Message count maybe, doesn't understand logic of reply.

Get a firewall in between your NAS and the big bad internets
VERY flip, but the best advice this OP will ever get, from this forum.

Yes this can be accomplished via the Snort package in pfSense by adding this line to the wan_suppress rules in the suppress tab in the Snort configuration menu.
Code:
event_filter gen_id 0, sig_id 0, type both, track by_src, count 3, seconds 600

I don't know..sounds deliberately complicated...

PfSense is my preferred choice but Sophos UTM seems to be a popular option as well.
I think that was clear from your previous post.. He was asking the Ghost Pirate.

YadaYada,
What happened to IPFW?
Can't that be a "Feature" .....when someone turns on SSH slider in GUI, they are forced to enter a local(s) and remote(s) whitelist IPs that don't get dropped?
IPFW is extremely low RAM and CPU intensive for things like this and thus was the base firewall for like forever, no?

I don't understand?

PS: does the FreeNAS Mini come with FreeNAS or TrueNAS?
 