Re: ssh security

Below are the iptables rules that I use to block connections from the 
same address in a 30-second period.  I get a couple of hits a day to 
this but not the thousands of attempts like before.  You can set the 
timeout to whatever you want.  The only drawback to this method is if 
you accidentally fail to log in then you can't for 30 seconds.  I also 
restrict root login, use AllowUsers and I disabled all password 
authentication.  I did leave it on port 22 though.

# this rule logs
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --update --seconds 30 -m tcp -p tcp --dport 22 -j LOG --log-level WARNING --log-prefix "ssh-limit  "
# this rule drops the packet if connection is already in list
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --update --seconds 30 -m tcp -p tcp --dport 22 -j DROP
# this rule sets the list
-A RH-Firewall-1-INPUT -m state --state NEW -m recent --name ssh-limit --set -m tcp -p tcp --dport 22 -j ACCEPT

-- 
Knute Johnson
Molon Labe...
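Added example, not part of the post above: a small Python model of the three rules, following the netfilter `recent` module semantics of `--update --seconds 30` (match only if the source was seen within the window, refreshing its timestamp on a match) and `--set` (add or refresh the entry). The source addresses and timestamps are constructed; it shows the 30-second lockout the poster describes, and that retrying inside the window keeps extending it.

```python
# Added example (not from the original post): models the LOG / DROP / ACCEPT
# chain above using the "recent" module's --update/--seconds and --set
# semantics.  Addresses and timestamps below are constructed sample data.
from typing import Dict, List, Tuple

WINDOW_SECONDS = 30  # same value as --seconds 30 in the rules


def _recent_update(seen: Dict[str, float], src: str, now: float, window: float) -> bool:
    """-m recent --update --seconds <window>: match if src is listed and was
    seen within the window; on a match, refresh its last-seen timestamp."""
    last = seen.get(src)
    if last is not None and now - last <= window:
        seen[src] = now
        return True
    return False


def _recent_set(seen: Dict[str, float], src: str, now: float) -> None:
    """-m recent --set: add the source (or refresh an existing entry)."""
    seen[src] = now


def filter_new_ssh_connections(attempts: List[Tuple[float, str]],
                               window: float = WINDOW_SECONDS) -> List[Tuple[float, str, str]]:
    """Run each NEW tcp/22 connection (timestamp, source) through the rules in
    the order given: LOG, then DROP, then --set + ACCEPT.  Returns
    (timestamp, source, verdict) with verdict 'LOG+DROP' or 'ACCEPT'."""
    seen: Dict[str, float] = {}
    verdicts = []
    for now, src in sorted(attempts):
        # Rules 1 and 2 both use --update.  LOG is non-terminating, so a
        # listed address is logged and then dropped by the next rule.
        if _recent_update(seen, src, now, window):
            _recent_update(seen, src, now, window)  # rule 2 matches as well
            verdicts.append((now, src, "LOG+DROP"))
            continue
        # Rule 3: first connection, or first after the window lapsed.
        _recent_set(seen, src, now)
        verdicts.append((now, src, "ACCEPT"))
    return verdicts


# Constructed sample: a repeating source, and a legitimate user whose retry
# after a mistyped password lands inside the window (the stated drawback).
SAMPLE_ATTEMPTS = [
    (0.0, "198.51.100.7"), (5.0, "198.51.100.7"), (25.0, "198.51.100.7"),
    (50.0, "198.51.100.7"),                       # still blocked: window slid to 25 s + 30 s
    (0.0, "203.0.113.9"), (10.0, "203.0.113.9"),  # retry at 10 s is dropped
    (45.0, "203.0.113.9"),                        # 35 s after the refreshed entry: accepted
]

if __name__ == "__main__":
    for ts, src, verdict in filter_new_ssh_connections(SAMPLE_ATTEMPTS):
        print(f"t={ts:5.1f}s {src:<14} {verdict}")
```

Because `--update` refreshes the timestamp on every blocked attempt, a source that keeps retrying never leaves the list until it stays quiet for the full window.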
