
[OCLUG-Tech] ssh suggestions

We are far away from the original topic.  A new thread begins.

On 16 Apr 2006 at 18:34, Martin Hicks wrote:

> 
> On Sat, Apr 15, 2006 at 12:42:15PM -0400, sberaud wrote:
> > 
> > Adding the drop rule was made easy with Webmin, once I knew what I had 
> > to do.
> > 
> 
> Okay, so here's what I do.  I use ipt_recent, which allows you to do
> <something> if someone tries to connect to you at a fairly high rate.
> This stops the brute force ssh attacks in their tracks.
> 
> # Rate limit SSH -- avoid dictionary attacks
> iptables -A INPUT -p tcp --dport 22 -i $extdev -m state --state NEW -m recent \
>         --set
> iptables -A INPUT -p tcp --dport 22 -i $extdev -m state --state NEW -m recent \
>        --update --seconds 60 --hitcount 4 -j LOG
> iptables -A INPUT -p tcp --dport 22 -i $extdev -m state --state NEW -m recent \
>         --update --seconds 60 --hitcount 4 -j DROP

I would recommend moving sshd to listen on another higher, random 
port.  e.g. 12345.

Also, make use of the ssh config file to limit incoming connections 
to known IP addresses.

And best of all, require the use of ssh keys to login, not 
passwords.


-- 
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
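As an added illustration (my own code, not from Martin's or Dan's posts): a small Python model of what the quoted ipt_recent rules do to a stream of NEW connection attempts, written in Python because the rules themselves need root and a live netfilter stack to run. The source addresses and timings are constructed, and the model ignores the extra timestamp xt_recent adds on each --update match, which only makes a live block stickier.

```python
from collections import defaultdict

SECONDS = 60   # --seconds 60 in the quoted rules
HITCOUNT = 4   # --hitcount 4

class RecentTable:
    """Simplified model of the ipt_recent match used by the three quoted
    rules. Every NEW connection attempt records a timestamp for the source
    address (--set); an attempt is logged and dropped when at least
    HITCOUNT timestamps fall inside the last SECONDS seconds (--update).
    Simplification: the real module also refreshes the entry on every
    --update match, so a real block persists at least as long as this one."""

    def __init__(self, seconds=SECONDS, hitcount=HITCOUNT):
        self.seconds, self.hitcount = seconds, hitcount
        self.stamps = defaultdict(list)   # src -> timestamps of NEW attempts

    def new_connection(self, src, now):
        """Verdict ('ACCEPT' or 'DROP') for a NEW SYN from src at time now."""
        stamps = self.stamps[src]
        stamps.append(now)                               # rule 1: --set
        recent = sum(1 for t in stamps if now - t <= self.seconds)
        return "DROP" if recent >= self.hitcount else "ACCEPT"   # rules 2+3

def simulate(events, seconds=SECONDS, hitcount=HITCOUNT):
    """events: iterable of (time_in_seconds, src). Returns {src: [verdicts]}
    in chronological order, so a defender can see when a block starts,
    how it persists while the source keeps hammering, and when it expires."""
    table = RecentTable(seconds, hitcount)
    verdicts = defaultdict(list)
    for now, src in sorted(events):
        verdicts[src].append(table.new_connection(src, now))
    return dict(verdicts)

# Constructed sample: a brute-forcer from a documentation-only address
# (203.0.113.5) retrying every 15 s, then coming back after a long pause,
# and a legitimate admin (198.51.100.7) making three logins in a minute.
SAMPLE_EVENTS = [(t, "203.0.113.5") for t in (0, 15, 30, 45, 60, 75, 200)] + \
                [(t, "198.51.100.7") for t in (5, 35, 55)]

if __name__ == "__main__":
    for src, verdicts in simulate(SAMPLE_EVENTS).items():
        print(src, verdicts)
    # 203.0.113.5 -> three ACCEPTs, DROP from the 4th try on, ACCEPT again at 200 s
    # 198.51.100.7 -> three ACCEPTs: stays under hitcount, never blocked
```

Note that the block only lapses once the source has been quiet for a full window; a source that keeps retrying every 15 seconds never gets a packet through.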