ssh-sentryd/ssh-sentryd.8

.\" Copyright (c) 2020 Markus Hennecke <markus-hennecke@markus-hennecke.de>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 12 2020 $
.Dt SSH-SENTRYD 8
.Os
.Sh NAME
.Nm ssh-sentryd
.Nd daemon watching for failed authentications from
.Xr sshd 8
in
.Pa /var/log/authlog ,
adding IPs trying to login with invalid user names to the
.Xr pf 4
table
.Qq blacklist .
.Sh SYNOPSIS
.Nm
.Bk -words
.Op Fl dv
.Ek
.Sh DESCRIPTION
The
.Nm
daemon watches the
.Xr sshd 8
log entries in
.Pa /var/log/authlog
and adds IPs trying to login with invalid user names to the
.Xr pf 4
table
.Qa blacklist .
.Pp
The options are as follows:
.Bl -tag -width "-d"
.It Fl d
Do not daemonize.
If this option is specified,
.Nm
will run in the foreground and log to
.Em stderr .
.It Fl v
This option allows
.Nm
to send DEBUG priority messages to syslog.
.El
.Pp
.Nm
watches for new log lines in
.Pa /var/log/authlog
matching log entries starting with one of:
.Bl -tag -width "Failed password for invalid user from" -compact
.It Li Failed password for invalid user from
.It Li Failed password for root from
.El
.
The IP address following one of the above log lines is then added to the
.Xr pf 4
table
.Qq blacklist .
.Pp
If the log file
.Pa /var/log/authlog
is rotated it is reopened.
.Sh SEE ALSO
.Xr pf 4
.Xr sshd 8