Quote:
|
Originally Posted by psypro
But how can i verify it is working? is it configured out of the box, or do I need to tell it manually to read /var/log/authlog.
|
Haven't used it, but you can check if the table has anything in it: pfctl -t sshguard -T show
Quote:
|
Originally Posted by psypro
And on a more meta level, does program like sshguard strengthen or weaken the security. Should not a -b 15000 key be strong enough in it self? Another service running, increase risk from errors or backdoors in program. But on a more psychological term, it anoys me to se login attempts from hostile user again and again, and it clutter my /var/log/authlog.
|
I don't think it's necessary beyond the psychological effect. I hate seeing these attempts, too. Pretty sure almost none of these attempts are trying keys anyway, only known or simple passwords. So they can try as many times as they want, it'll never let them in. Maybe it'll prevent a DOS if there is a bug in ssh where failed attempts cause CPU load, or a crash, or something, but I don't worry about that too much. PF could have the same problem, or a web server, or a mail server, or a local app just doing it's thing.