
How to setup sshguard


Using iptables on CentOS or RedHat
(another option is to use fail2ban, check out my howto here)

1. Download the sshguard source and compile it (could also try yum install sshguard)
# wget http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2

Other downloads from here

2. Uncompress
# bunzip2 -v -d  sshguard-1.5.tar.bz2
# tar -xvf sshguard-1.5.tar

3. Compile and install (requires gcc, yum install gcc)
# cd sshguard-1.5
# ./configure --with-firewall=iptables
# make all && make install

4. Configure
First we must configure iptables:
# iptables -N sshguard
# iptables -A INPUT -j sshguard
# iptables-save > /etc/sysconfig/iptables

Better reference: http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/


5. Setup the daemon

Copy the following to /etc/init.d/sshguardd

#!/bin/bash
#
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
# init script by Felipe Ferreira July 2011
case $1 in
start)
    # watch /var/log/secure in the background
    nohup /usr/local/sbin/sshguard -l /var/log/secure -a 5 &
    ;;
stop)
    killall sshguard
    ;;
*)
    echo "Use start or stop"
    exit 1
    ;;
esac

Note: sshguard -l <log file to watch> sets the log file that sshguard reads.
On CentOS, sshd writes login information to /var/log/secure; check your /etc/ssh/sshd_config to find the log level and where the log goes.
Other kinds of log files can be watched as well. The -a <number> option sets how many bad login attempts from an IP sshguard allows before it blocks that IP.

Add to startup init.d
# chkconfig --add sshguardd
# chkconfig --level 345 sshguardd on

6. Finally, start the daemon.
# service sshguardd start

7. Make sure it is running
# ps -ef |grep sshgua

Go to another machine and try to SSH in 5 times with a wrong password; your IP should then be in the iptables block list!
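
A check for the rules from step 4, as an added example that is not part of the original how-to: because the jump is appended with -A, an earlier INPUT rule that already accepts port 22 means blocked addresses never reach the sshguard chain. The function name and the sample rulesets are constructed for illustration, and the check only recognises a plain "--dport 22 ... -j ACCEPT" rule or an unconditional ACCEPT.

```shell
#!/bin/sh
# Added example, not from the original how-to. Reads `iptables -S` output on
# stdin and reports whether SSH traffic actually reaches the sshguard chain.
check_sshguard_hook() {
    awk '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            n++
            if ($0 ~ /-j sshguard( |$)/) {
                if (!jump) jump = n
            } else if (!early && ($0 ~ /--dport 22 .*-j ACCEPT/ || $0 == "-A INPUT -j ACCEPT")) {
                early = n   # first rule that lets SSH in by itself
            }
        }
        END {
            if (!chain)                     print "no-chain"   # step 4, -N missing
            else if (!jump)                 print "no-jump"    # step 4, jump missing
            else if (early && early < jump) print "shadowed"   # ACCEPT wins first
            else                            print "ok"
        }'
}

# Constructed sample: a CentOS-style ruleset after "iptables -A INPUT -j sshguard".
APPENDED='-P INPUT ACCEPT
-N sshguard
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j sshguard'

# Constructed sample: the same rules with the jump placed first in INPUT.
INSERTED='-P INPUT ACCEPT
-N sshguard
-A INPUT -j sshguard
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf 'appended: %s\n' "$(printf '%s\n' "$APPENDED" | check_sshguard_hook)"
printf 'inserted: %s\n' "$(printf '%s\n' "$INSERTED" | check_sshguard_hook)"
# On the server itself (as root): iptables -S | check_sshguard_hook
```

If the result on your server is "shadowed", move the sshguard jump above the rule that accepts SSH and save the rules again.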



  1. October 26th, 2011 at 17:28 | #1

    You have a little error on the first line. You have
    ! /bin/bash
    and it should be
    Just make sure you have that right or bash will complain on reboot

  2. April 4th, 2014 at 10:16 | #2

    Don’t forget to chmod +x /etc/init.d/sshguardd to avoid getting a permission denied
