DenySSH
DenySSH monitors the auth log of a BSD system for failed SSH login attempts and adds repeat attackers to a Packet Filter table, allowing you to define PF rules to block the attacking hosts or redirect them to a honeypot for your amusement.
Attackers are only blocked temporarily to minimize the inconvenience if a false positive occurs. Each consecutive failed login attempt results in the attacking host being blocked for a longer time period. If a successful login occurs, that host’s record is wiped clean and it is given a little more leeway.
DenySSH is written in Ruby and has been tested on FreeBSD (but should work on any BSD with PF support).
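As an added illustration, not the project's own code, the following Ruby model shows the behaviour described above: it recognises sshd auth-log lines, puts a host into a PF table after repeated failures with a block that doubles in length each time, and wipes the host's record on a successful login. The table name, the failure threshold and the base block length are assumptions, the sample log lines are constructed, and the code targets a current Ruby rather than 1.8.4.

```ruby
# Illustrative model of the DenySSH behaviour (not the project's code).
# The table name, threshold and block length below are assumptions.
PF_TABLE       = 'denyssh'  # assumed name of the PF table the rules reference
FAIL_THRESHOLD = 3          # failures before the first block (assumed)
BASE_BLOCK     = 600        # first block in seconds (assumed), doubling per block

# The two sshd auth-log lines that matter: a failed and an accepted login.
FAILED   = /sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+)/
ACCEPTED = /sshd\[\d+\]: Accepted \w+ for \S+ from (\S+)/

class HostTracker
  def initialize
    # host => { fails:, blocks:, blocked_until: }
    @records = Hash.new { |h, k| h[k] = { fails: 0, blocks: 0, blocked_until: nil } }
  end

  # Feed one log line observed at +now+; returns the pfctl command that
  # would add the host to the table, or nil when nothing changes.
  def process(line, now)
    if (m = FAILED.match(line))
      rec = @records[m[1]]
      rec[:fails] += 1
      return nil if rec[:fails] < FAIL_THRESHOLD
      # Every block for this host lasts twice as long as its previous one.
      rec[:blocked_until] = now + BASE_BLOCK * (2**rec[:blocks])
      rec[:blocks] += 1
      rec[:fails] = 0
      "pfctl -t #{PF_TABLE} -T add #{m[1]}"
    elsif (m = ACCEPTED.match(line))
      @records.delete(m[1]) # a successful login wipes the host's record
      nil
    end
  end

  # Seconds left on a host's block at +now+ (0 when not blocked).
  def remaining(host, now)
    u = @records.fetch(host, {})[:blocked_until]
    u ? [u - now, 0].max.to_i : 0
  end
end

# Constructed sample lines using RFC 5737 documentation addresses.
SAMPLE = [
  'Jan  5 10:00:01 bsd sshd[801]: Failed password for invalid user admin from 203.0.113.5 port 4000 ssh2',
  'Jan  5 10:00:03 bsd sshd[802]: Failed password for root from 203.0.113.5 port 4001 ssh2',
  'Jan  5 10:00:05 bsd sshd[803]: Failed password for root from 203.0.113.5 port 4002 ssh2',
  'Jan  5 10:00:09 bsd sshd[804]: Accepted publickey for ryan from 198.51.100.7 port 5000 ssh2',
]

# Replays the lines and returns the tracker plus the pfctl commands produced.
def run(lines = SAMPLE, now = Time.at(0))
  t = HostTracker.new
  [t, lines.map { |l| t.process(l, now) }.compact]
end
```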
Requirements
- Ruby 1.8.4
If you’re running a recent version of OpenBSD, FreeBSD, NetBSD, or DragonFlyBSD, you probably already have PF installed. If you’re running Linux, you’re out of luck. Sorry.
Downloads
No official releases yet, but you can grab the development version of DenySSH from the SVN repository if you’re brave.
Copyright
Copyright © 2006 Ryan Grove. All rights reserved.
DenySSH is free open source software distributed under the terms of the BSD License.