Sshguard is a security tool, written with security in mind. This document sets out some security considerations you might be interested in, and is provided for transparency towards users.

Design and development

Some basic principles are continuously used to maintain the quality and reliability of the code base.

  • modularity: simpler code and well-defined responsibilities. This makes bugs much easier to spot and correct.
  • portability: sshguard has portability constraints that make it use only a few widespread and mature system tools.
  • simplicity: sshguard extensively applies the KISS principle.
  • code quality: sshguard code is streamlined, and stands out for clarity, logical structure and commenting. Several contributors sent in remarks on this point.

Release policy

Sshguard typically goes through a beta phase before a stable release. Stable releases normally happen after some weeks of private testing on production servers.

When a release contains new features that are not trusted to be mature, they are typically marked as EXPERIMENTAL.

There is a mailing list to which users are invited to submit possible bugs or deficiencies, and a bug tracker where more experienced users and developers can submit bugs.

Remarks on running sshguard

How does sshguard improve my system?

Sshguard is a lightweight intrusion prevention system, which sits between barebones brute-force-blocking tools and full-blown IPSs. Unlike the latter, it runs silently, with minimal resources and nearly no configuration, and it blocks attackers temporarily and without broadcasting notifications. Unlike the former, it makes breaking in considerably more resource-expensive for an attacker, thanks to the added features of touchiness and automatic blacklisting.

However, sshguard is an imperfect tool in an imperfect Internet. Whenever an attack is performed in minimal steps by a large number of distributed attackers, as opposed to centrally, sshguard can't help. Could you? When your user base is geographically sparse, and at some point you observe that an anomalous number of users are failing their password once and then giving up, how would you react as an administrator?

Besides providing a certain improvement to your host's security, sshguard improves the consistency of your log files by removing the vast noise produced by such attacks, and occasionally improves the load and responsiveness of the server when the break-in attempts target servers whose service setup is computationally expensive.

That said, there are some cases where sshguard is overkill. Suppose you run your own server, you alone have shell access to it, and you just want to stop the botnet attacks on your sshd. This is one such case: just make your shell server listen on a non-standard port and be happy.
