MacOS – How to block ssh brute force attempts in OS X 10.11

Tags: firewall, macos, ssh

My system running OS X 10.11 is constantly getting hammered by failed ssh login attempts by bots. I'm using a secure password and the root account isn't accessible via ssh, but even so it's still a drain on CPU time and it makes me nervous.

Is there a good way I can ban IP addresses that guess the password wrong too many times while still allowing myself to ssh in? Even better if this tool has a nice GUI so I don't have to use the command line.

I tried using sshguard, but I simply cannot get it to work. There are threads in various places about it not working properly in OS X 10.10, and I haven't found any solutions.

Other places have recommended using a VPN so that outsiders can't ssh into your system, but that's not an option for me. It's important that I be able to ssh in from arbitrary systems out in the world, and setting up VPNs on them is generally not feasible.

Best Answer

I've been researching opening up SSH like this on other *nix-based systems, and most suggest two things. I'm sorry, but I don't know how to do either on MacOS.

  • Fail2Ban, which bans IPs that have too many failed login attempts.
  • Key-based rather than password-based SSH logins. I believe you can take your key around with you if you want to use public machines.
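As an added example (not part of the question or this answer), here is the detection core of the Fail2Ban-style approach the answer describes, in Python: it parses OpenSSH "Failed password" / "Invalid user" log lines, counts failures per source address inside a sliding time window, and returns the addresses that crossed the threshold, skipping an allow list so you cannot lock yourself out. The hostname, addresses and log lines are constructed; applying the actual block (a firewall rule) is left to whatever tool you pair this with.

```python
"""Fail2Ban-style detection: count OpenSSH failures per source IP inside a
sliding window and return the addresses that crossed the threshold."""
import re
from collections import defaultdict, deque
from datetime import datetime
# OpenSSH sshd failure messages as they appear in a syslog-style log.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample log (hostname and addresses are documentation values).
SAMPLE_LOG = """\
Mar  3 10:00:01 mymac sshd[512]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:00:04 mymac sshd[512]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Mar  3 10:00:07 mymac sshd[514]: Invalid user oracle from 203.0.113.5
Mar  3 10:00:09 mymac sshd[516]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 10:00:20 mymac sshd[518]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
Mar  3 10:30:00 mymac sshd[520]: Failed password for root from 192.0.2.9 port 22000 ssh2
Mar  3 10:30:01 mymac sshd[520]: Failed password for root from 192.0.2.9 port 22000 ssh2
Mar  3 10:50:00 mymac sshd[522]: Failed password for root from 192.0.2.9 port 22001 ssh2
""".splitlines()
def parse_failure(line, year=2016):
    """Return (timestamp, ip) for an sshd failure line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; take it from the caller.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"]

def find_offenders(lines, max_failures=5, window_seconds=600, allowlist=()):
    """IPs with at least max_failures failures inside any window_seconds span."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    banned = set()
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in allowlist or ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # expire old ones
            q.popleft()
        if len(q) >= max_failures:
            banned.add(ip)
    return banned
```

With the sample above, `find_offenders(SAMPLE_LOG, max_failures=3)` flags only 203.0.113.5: the single failure from the legitimate user and the three slow failures from 192.0.2.9 spread over twenty minutes stay under the threshold inside a ten-minute window.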