Re: restrict ssh access
- From: Thomas Carter <T.Carter@xxxxxxxxxxxx>
- Date: Tue, 27 Dec 2005 19:23:10 GMT
On Mon, 26 Dec 2005 14:34:42 -0800, Xinming He wrote:
> We have one ssh server which receives about 6000 failed attempts to login
> using various usernames everyday from malicious hosts (averaging about
> 1000 attempts from each distinct client IP address). Does anyone know if
> there is a way to restrict the number or rate of unsuccessful login
> attempts per client IP address? For example, configure ssh server to
> accept only one ssh connection request per minute from the same client IP
> address. Thanks very much.
>
> Simon(Xinming)
This is something I picked up at some newsgroup not long ago.
#! /bin/sh
#
# This is a deterrent against SSH breakin attempts. Without this, /var/log/
# messages tends to get flooded by traces from such attempts. The last two
# lines of this script prevent such attempts from taking place more frequently
# than every 15 seconds. Effectively, a failed SSH login attempt from a given
# IP address results in any further SSH login attempts from that address being
# summarily dismissed for 15 seconds. The first line in the script just ensures
# that this mechanism is not used for our internal network.
#
# Note: the "recent" match records every new TCP connection to port 22, not
# only failed logins, so a second legitimate connection from the same outside
# address within 15 seconds is dropped as well; each dropped attempt also
# refreshes the timestamp, so the 15-second window slides while the peer keeps
# retrying.
iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --update --seconds 15 -j DROP
iptables -A INPUT -p tcp -i eth0 -m state --state NEW --dport 22 -m recent --set -j ACCEPT
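The following is an added example, not part of the original message or the posted script: a small Python model of the kernel's `-m recent` bookkeeping (per-address timestamp lists, `--set`, `--update --seconds` and `--hitcount`), run over a constructed sequence of new SSH connections. It applies the three posted rules and, as a generalization, the more forgiving `--set` / `--update --seconds 60 --hitcount 4` pattern, so you can see which connections each variant drops before deploying either. The sample addresses, times and the hitcount variant are assumptions for illustration; the model is not iptables.

```python
"""Model of the iptables `recent` match applied to new SSH connections.

Added example: simulates the xt_recent timestamp list so the effect of the
posted rules (and a hitcount variant) can be checked offline.  Not iptables.
"""
import ipaddress
from collections import defaultdict

MAX_STAMPS = 20  # xt_recent keeps at most ip_pkt_list_tot (default 20) stamps per address
INTERNAL = ipaddress.ip_network("192.168.0.0/24")  # network exempted by the first posted rule


class RecentList:
    """Per-source-address timestamps, as kept by one `-m recent` list."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, addr, now):
        """--set: record a hit for addr, creating the entry if needed. Always matches."""
        stamps = self.stamps[addr]
        stamps.append(now)
        if len(stamps) > MAX_STAMPS:
            del stamps[0]
        return True

    def update(self, addr, now, seconds=None, hitcount=None):
        """--update [--seconds N] [--hitcount H]: match when addr has at least H
        (default 1) recorded hits within the last N seconds (default: any age).
        A match records the current hit too, which slides the window forward."""
        if addr not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[addr] if seconds is None or now - t <= seconds)
        if hits >= (hitcount or 1):
            self.set(addr, now)
            return True
        return False


def posted_rules(events, seconds=15):
    """The three posted rules, in order, for each (time, src_ip) new connection
    to tcp/22. Returns one verdict per event."""
    recent, verdicts = RecentList(), []
    for now, src in events:
        if ipaddress.ip_address(src) in INTERNAL:
            verdicts.append("ACCEPT")  # rule 1: internal network bypasses the limiter
        elif recent.update(src, now, seconds=seconds):
            verdicts.append("DROP")    # rule 2: seen within the window -> drop
        else:
            recent.set(src, now)
            verdicts.append("ACCEPT")  # rule 3: first sighting -> remember and accept
    return verdicts


def hitcount_rules(events, seconds=60, hitcount=4):
    """Assumed variant (not from the message): `--set` on every new connection,
    then `--update --seconds 60 --hitcount 4 -j DROP`. Three connections per
    minute are allowed; the fourth is dropped, so one or two mistyped
    passwords do not lock a legitimate user out."""
    recent, verdicts = RecentList(), []
    for now, src in events:
        if ipaddress.ip_address(src) in INTERNAL:
            verdicts.append("ACCEPT")
            continue
        recent.set(src, now)
        verdicts.append("DROP" if recent.update(src, now, seconds, hitcount) else "ACCEPT")
    return verdicts


# Constructed sample: a scanner at 203.0.113.7, an admin at 198.51.100.4 who
# opens a second session 5 s after the first, and one internal host.
SAMPLE = [
    (0.0, "203.0.113.7"),
    (1.0, "203.0.113.7"),
    (3.0, "198.51.100.4"),
    (5.0, "203.0.113.7"),
    (8.0, "198.51.100.4"),
    (14.0, "203.0.113.7"),
    (22.0, "192.168.0.10"),
    (30.0, "198.51.100.4"),
    (31.0, "203.0.113.7"),
]

if __name__ == "__main__":
    for (now, src), a, b in zip(SAMPLE, posted_rules(SAMPLE), hitcount_rules(SAMPLE)):
        print(f"t={now:5.1f} {src:15} posted={a:6} hitcount={b}")
```

Running it shows the trade-off: the posted rules drop the admin's second session at t=8 (and every scanner retry keeps the 15-second window open until the scanner pauses), whereas the hitcount variant lets the admin through and still drops the scanner from its fourth connection in a minute onward.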