I wrote a handy little script to be a low budget version of DenyHosts.
You have to create a firewall rule in Windows (only tested with Win 7) that blocks access to your OpenSSH port TCP 22. Make this rule a higher priority than the allow rule. It did this automatically for me, YMMV. I don't see an option to manually set priority, but didn't need it so I didn't look too hard.
Edit the denyhosts.vbs to give it the name of the rule you created. READ the comments in the code there.
Set it up to run via scheduled tasks as an admin.
No warranty, use at your own risk, read the code before you execute, trust no one including me, etc.
This isn't an elegant solution, it's a hack I put together that works for me. I decided to share it for free and GPL so be gentle on criticism. It's a VBScript I slapped together this afternoon.
What it does:
- Read Application log for "sshd" events.
- Parse event to find auth failures.
- Log all sshd events to text file.
- If auth failures exceed set limit, ban IP via Windows Firewall.
- Optionally immediately ban failed "root" attempts.
- Store failed attempts that did not exceed limit (yet).
- Add to log txt file.
- Clear counter for an IP with an eventual successful login.
- Store time stamp of last event to prevent re-reading old entries.
To remove IPs you would need to edit the code, or manually edit the firewall rule via Windows GUI.
If somebody wants to rewrite this to use hosts.deny, that would have the same effect. The advantage here is that you can potentially block access to more than just SSH running on your Windows box. Just depends on the scope of the block rule.
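
The counting logic from the "What it does" list, as an added Python sketch over constructed events (this is not the denyhosts.vbs code). It assumes standard OpenSSH "Failed password" / "Accepted" message text and that the block rule is updated with `netsh advfirewall`; the function names, state layout and rule name are hypothetical.

```python
import re

# Anchor on the trailing "from <ip> port <n> ssh2": the user name is attacker-controlled
# and may itself contain "from <other-ip>", which must never be the address that is banned.
TAIL = r" from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
FAILED = re.compile(r"Failed password for (?:invalid user )?(.*)" + TAIL)
ACCEPTED = re.compile(r"Accepted \S+ for (.*)" + TAIL)

def new_state():
    return {"failures": {}, "banned": set(), "last_seen": None}

def process(events, state, limit=3, ban_root=True):
    """Apply (iso_timestamp, message) pairs to state; return IPs banned by this run."""
    cutoff, newly = state["last_seen"], []
    for ts, msg in sorted(events):
        if cutoff is not None and ts <= cutoff:
            continue  # already read on an earlier run
        state["last_seen"] = ts
        ok, fail = ACCEPTED.search(msg), FAILED.search(msg)
        if ok:
            state["failures"].pop(ok.group(2), None)  # successful login clears the counter
        elif fail and fail.group(2) not in state["banned"]:
            user, ip = fail.groups()
            state["failures"][ip] = state["failures"].get(ip, 0) + 1
            if state["failures"][ip] > limit or (ban_root and user == "root"):
                state["banned"].add(ip)
                del state["failures"][ip]
                newly.append(ip)
    return newly

def netsh_args(rule_name, banned):
    """Argument list for netsh; remoteip replaces the rule's whole list, so pass every IP."""
    if not banned:
        return None  # nothing to write; leave the rule untouched
    return ["netsh", "advfirewall", "firewall", "set", "rule",
            "name=" + rule_name, "new", "remoteip=" + ",".join(sorted(banned))]

# Constructed sample events (documentation address ranges), not real log data.
SAMPLE = [
    ("2012-05-01T10:00:01", "Failed password for invalid user admin from 203.0.113.5 port 5101 ssh2"),
    ("2012-05-01T10:00:02", "Failed password for root from 198.51.100.7 port 4022 ssh2"),
    ("2012-05-01T10:00:03", "Failed password for alice from 192.0.2.10 port 6001 ssh2"),
    ("2012-05-01T10:00:04", "Accepted password for alice from 192.0.2.10 port 6002 ssh2"),
    ("2012-05-01T10:00:05", "Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 203.0.113.5 port 5102 ssh2"),
    ("2012-05-01T10:00:06", "Failed password for invalid user test from 203.0.113.5 port 5103 ssh2"),
    ("2012-05-01T10:00:07", "Failed password for invalid user guest from 203.0.113.5 port 5104 ssh2"),
]
```

The fifth sample event carries a spoofed address inside the user name; the failure is counted against 203.0.113.5, the real source, and 192.0.2.10 stays unbanned.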