Skip to content. | Skip to navigation

Personal tools
You are here: Home Knowledge Downloads

tb-sshdfilter - Stop ssh Break-in Attempts - Free Download

Hackers use automated programs attempting to get shell access to your Linux systems every day. tb-sshdfilter by Eric V. Smith of True Blade Systems stops these break-in attempts. True Blade has released tb-sshdfilter under the GPL license.


Golf Course at Hyatt Regency, Cambridge, Maryland

If you study the logfiles of nearly any Linux system exposed to the Internet you will often see hundreds or even thousands of break-in attempts each week. Wouldn't you rather block these attempts quickly and silently, restricting the offender from having any further contact with your system?

Here's how we believe this process should work:

  1. Hacker attempts to break-in via ssh
  2. Software detects break-in and logs IP Address of hacker
  3. Software inserts hacker's IP address into new firewall rule, blocking all TCP/IP packets originating from hacker's IP address - hacker can not make any further contact with our server from the blocked IP address
  4. (Future Improvement) Hacker's blocked IP address is shared with other servers to also protect them from break-in attempts
  5. Software expires rule blocking hacker's IP address after pre-determined time period


An existing program, sshdfilter, attempts to solve this problem. True Blade partner Eric V. Smith studied sshdfilter and determined that a new solution was required to address the requirements of our clients. tb-sshdfilter is a new program, written in Python, which attempts to provide a more flexible and robust solution. The following table explains why we believe tb-sshdfilter is a superior program.


Comparison of tb-sshdfilter and sshdfilter 1.3.5

Feature / attribute
Author & Contact Information  Eric V. Smith,
True Blade Systems, Inc.
greg at csc liv ac uk
Difficulty to Change sshd Parsing Trigger Keywords
(in separate config file)
(requires script change)
Supports Listening on Alternate TCP Ports
(not just port 22)
Separate init.d from sshd
Permits simultaneous operation and testing
of sshd and filtering program

iptables logic separate from sshd output parser
Allows rules to be stored in a database
Rules Specifications
Programming Language Used
Software License
First Release Date
October 12, 2005
June 5, 2005

Newer versions of sshdfilter address some of these differences.


How tb-sshdfilter Works

tb-sshdfilter monitors the output of sshd for unauthorized login attempts and automatically blocks offending IP addresses from being able to make further attempts.

We have prepared a PDF file with more information about tb-sshdfilter.

tb-sshdfilter is being released to the general public by True Blade Systems, Inc. under the GNU Public License (GPL). There is no charge to use the software but we do ask that you give us feedback about your experiences with tb-sshdfilter after you have it up and running.

tb-sshdfilter was first demonstrated to the public at the Columbia, Maryland Linux User's Group on October 12, 2005.

Download tb-sshdfilter-1.1.tar.gz Download tb-sshdfilter version 1.1.

Note: Please contact us to tell us how you are using tb-sshd-filter. Registered tb-sshdfilter users are allowed to contribute to ongoing dialog and commentary and will receive priority notification of all improvements and updates.


tb-sshdfilter Release History

  • 2009-05-15
    Registration is no longer required to download tb-sshdfilter. However, users are strongly encouraged to contact us to tell us how you are using tb-sshdfilter - thanks!
  • 2006-02-10 version 1.1
    Users must register on True Blade's website to download the tb-sshdfilter software. tb-sshdfilter remains free and GPL licensed, but anonymous downloads are no longer permitted.

  • 2005-10-14 version 1.1
    Added code to detect if sshd and iptables executables (as configured) exist and are executable.

  • 2005-10-12 version 1.0
    Initial release.
Document Actions
« October 2017 »