"The short version is: it receives log messages, it detects when
a networked service has been abused based on them, and blocks the
address of who abused it; after some time, it releases the
"The full version is: sshguard runs on a machine as a small
daemon, and receives log messages (in a number of ways, e.g. from
syslog). When it determines that address X did something bad to
service Y, it fires a rule in the machine's firewall (one of the
many supported) for blocking X. Sshguard keeps X blocked for some
time, then releases it automatically.
"Please note that despite of his name sshguard detects attacks
for many services out of the box, not only SSH but also several
ftpds, Exim and dovecot. It can operate all the major firewalling
systems, and features support for IPv6, whitelisting, suspension,
and log message authentication"
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.