Fwd: mistake on Securing SSH

This was sent to me regarding the wiki.

---------- Forwarded message ----------
From: "Martin Koníček" <mkonicek12@xxxxxxxxx>
Date: Mar 7, 2013 4:44 AM
Subject: mistake on Securing SSH
To: <timothy.ty.lee@xxxxxxxxx>
Cc:

Hi Timothy,

I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is pretty good, but there is a mistake.

Instead of having
iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

You should have
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

Brgds.
--
Martin
_______________________________________________
CentOS-docs mailing list
CentOS-docs@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos-docs
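
Added example, not part of the forwarded message or the wiki: a small Python model of the two `recent` rules quoted above, showing what adding `-m state --state NEW` changes. It assumes packets that the second rule does not accept fall through to a drop and that no earlier rule accepts established traffic; the packets are constructed, and `simulate` and the verdict names are hypothetical.

```python
from collections import defaultdict, deque

WINDOW = 60    # --seconds 60
HITCOUNT = 4   # --hitcount 4

def simulate(packets, new_only):
    """Model the two rules for packets given as (time_s, src_ip, conntrack_state).

    new_only=True adds '-m state --state NEW' to both rules.
    Returns one verdict per packet (hypothetical names):
      ACCEPT         second rule matched
      OVER_LIMIT     second rule did not match; packet falls through
      NOT_EVALUATED  neither rule applies; the rest of the ruleset decides
    """
    recent = defaultdict(deque)   # the 'ssh' list: source -> hit times
    verdicts = []
    for ts, src, state in packets:
        if new_only and state != "NEW":
            verdicts.append("NOT_EVALUATED")
            continue
        hits = recent[src]
        hits.append(ts)                         # rule 1: --set
        while ts - hits[0] > WINDOW:            # keep hits from the last 60 s
            hits.popleft()
        # rule 2: ! --rcheck --seconds 60 --hitcount 4 -j ACCEPT
        verdicts.append("ACCEPT" if len(hits) < HITCOUNT else "OVER_LIMIT")
    return verdicts

# Constructed traffic: one interactive session (a SYN, then session packets).
SESSION = [(0.0, "203.0.113.10", "NEW")] + [
    (0.1 * i, "203.0.113.10", "ESTABLISHED") for i in range(1, 6)
]
# Constructed traffic: one source opening a new connection every 5 s, then one later.
REPEATED = [(t, "198.51.100.7", "NEW") for t in (0, 5, 10, 15, 20, 100)]

if __name__ == "__main__":
    for name, pkts in (("session", SESSION), ("repeated", REPEATED)):
        for new_only in (False, True):
            print(name, "state NEW" if new_only else "all packets",
                  simulate(pkts, new_only))
```

Without the state match, the fourth packet of a single session already exceeds the limit; with it, only new connection attempts are counted.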
