...
| Table of Contents |
|---|
sshguard
On Linux hosts I use Fail2ban, but for OpenBSD, I use sshguard due to limitations regarding the compatibility. sshguard will at least slow down those password brute-force attempts, which appear too often from one single IPv4 or IPv6 endpoint.
Now, obviously we should be able to limit SSH access to important systems by enforcing key-based authentication and / or Multi-Factor Authentication (MFA) based on TOTP (Time-based OneTime Pad) for example. MFA authentication for OpenSSH on OpenBSD doesn’t seem to be a viable option today, though.
fail2ban
...