ssh security

Knute Johnson knute at frazmtn.com
Tue Dec 27 02:01:54 UTC 2005


Below are the iptables rules that I use to block connections from the 
same address in a 30 second period.  I get a couple of hits a day to 
this but not the thousands of attempts like before.  You can set the 
timeout to whatever you want.  The only drawback to this method is if 
you accidentally fail to log in then you can't for 30 seconds.  I also 
restrict root login, use AllowUsers and I disabled all password 
authentication.  I did leave it on port 22 though.

# this rule logs
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --update --seconds 30 -m tcp -p tcp --dport 22 -j LOG --log-level WARNING --log-prefix "ssh-limit  "
# this rule drops the packet if connection is already in list
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --update --seconds 30 -m tcp -p tcp --dport 22 -j DROP
# this rule sets the list
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --set -m tcp -p tcp --dport 22 -j ACCEPT

-- 
Knute Johnson
Molon Labe...
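As an added example (not part of the post above), a small parser for the kernel log lines that the LOG rule with --log-prefix "ssh-limit  " produces, so the "couple of hits a day" can be counted per source address. The log lines, hostname and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the shape an iptables LOG rule with
# --log-prefix "ssh-limit  " writes via the kernel (hosts/addresses made up).
SAMPLE_LOG = """\
Dec 27 01:10:02 gw kernel: ssh-limit  IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=4321 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 27 01:10:09 gw kernel: ssh-limit  IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51235 DPT=22 SYN URGP=0
Dec 27 01:10:40 gw kernel: ssh-limit  IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51236 DPT=22 SYN URGP=0
Dec 27 03:22:15 gw kernel: ssh-limit  IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Dec 27 03:22:16 gw kernel: some unrelated kernel message
"""

# syslog timestamp, host, "kernel:", then the prefix and the key=value fields
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: ssh-limit +(?P<kv>.*)$"
)


def parse_ssh_limit_hits(log_text):
    """Return one dict per ssh-limit line: ts, src, dst, spt, dpt.

    Lines without the prefix (ordinary kernel messages) are skipped; bare
    flags such as DF or SYN carry no '=' and are ignored.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
        hits.append({
            "ts": m.group("ts"),
            "src": fields.get("SRC"),
            "dst": fields.get("DST"),
            "spt": fields.get("SPT"),
            "dpt": fields.get("DPT"),
        })
    return hits


def hits_per_source(log_text):
    """Count how often each source address tripped the 30-second rule."""
    counts = defaultdict(int)
    for hit in parse_ssh_limit_hits(log_text):
        counts[hit["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for src, n in sorted(hits_per_source(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{src:>16}  {n} hit(s)")
```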