Sshguard 1.5

Sshguard protects networked hosts from the today's widespread brute force attacks against ssh servers.
  1 Screenshot
Sshguard protects networked hosts from the today's widespread brute force attacks against ssh servers. It detects such attacks and blocks the author's address with a firewall rule.

This project is BSD licensed.

How sshguard works

Sshguard monitors ssh servers from their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall.

Messages describing dangerous activity can be easily customized with regular expressions; this makes sshguard theorically usable with any login server, and in general anything that logs something, although no experiments have been made outside ssh.

Sshguard can operate all the major firewalling systems:

- PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
- netfilter/iptables (Linux)
- IPFIREWALL/ipfw (FreeBSD, Mac OS X)

Main features:

  • a very large part of these tools are simple scripts. So, they require a permanent interpreter application which usually takes a lot of system memory. Which, on servers, is very precious.
  • Sshguard is written in C, and designed to be 0-impact on system resources.
  • several tools require customization (hack & play).
  • Sshguard is designed for extreme ease of use (plug & play).
  • many tools are OS- or firewall-specific (usually Linux).
  • Sshguard is designed to work on many OSes and can operate several firewall systems; see Compatibility.
  • nearly all tools are constraintly written for their operating scenario.
  • Sshguard can be extended for operating with custom/proprietary firewalls with very very few effort.

last updated on:
February 9th, 2011, 14:17 GMT
license type:
BSD License 
developed by:
ROOT \ System \ Monitoring
Download Button

In a hurry? Add it to your Download Basket!

user rating 19



Rate it!
What's New in version 1.4
  • This release includes many new features (touchiness, automatic permanent blacklisting, IPv6 whitelisting, and more), many bugfixes to the logic, and some fixes and additions to the log analyzer.
read full changelog

Add your review!