On 16/09/2017 16:06, Stroller wrote: > Is anyone familiar enough with this subject to make a comparison between > these two programs, please? > > If I google Fail2Ban vs SSHGuard I get many hits saying "I use this one", but > no-one saying why one might be better than the other. > > So far I'm favouring SSHGuard, but mostly because the website looks prettier. > > I want to be able to use passwords, so allowing logons only by public-key is > no good (also would be nice to block failed IMAP connection attempts). > > Thanks in advance for any thoughts. > > Stroller. >
Depends what you want, they both achieve the same end. fail2ban reads all manner of log files and such, decides based on rules if someone is being naughty, and then takes actually (most often listing the source address in a packet filter drop rule). As far as I'm aware (and could be wrong), sshguard is mostly just sshd whereas fail2ban works on anything you can give it consistent logs for. There's not much to choose between them really. So go for the one that seems to fit your needs best, if you scan the man pages and sample rules files and one jumps out as a clear winner than you understand easily, then that is the one you use. The question is almost never "does this things do what I want?" as the answer is so often yes. The question is always "d I understand this thing as can drive it easily?" -- Alan McKinnon alan.mckin...@gmail.com