Re: ssh attack




Max wrote:
> John Merritt wrote:
> 
>> Hi,
>>
>> Thanks to everyone who responded. I learned a lot today.
>>
> 
> I found a cool project called DenyHosts that I just setup last evening 
> for this purpose. I haven't used it very long, but it was very easy to 
> setup, and seems to be working for me. I know it's cut down on the 
> invalid user logging in /var/log/secure in a matter of a day already, 
> and I've even left SSH traffic on port 22, just to make sure that it's 
> being hammered on.
> 
> Check it out.
> 
> <http://denyhosts.sourceforge.net/index.html>
> 
> Max

a very simple way of denying repeated ssh access after the first time is to 
replace the

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

line in /etc/sysconfig/iptables with the following two lines (the mailer might 
wrap them):

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport ssh -m recent --name SSH --update --seconds 30 -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport ssh -m recent --name SSH --set -j ACCEPT

The only drawback is that a permitted user has to wait 30 seconds after the end 
of an ssh session before she can establish a new one.

Works very well here.

Kay
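As an added illustration (not part of Kay's post or of the iptables project), the script below models how the `recent` match evaluates the two rules above: `--set` records a timestamp for the source address, and `--update --seconds 30` matches when the address has a timestamp no older than 30 seconds and, on a match, refreshes it. Running the model shows both the brute-force blocking and the 30-second lockout Kay describes. It also goes one step beyond the post: a second chain of the common `--set` / `--update --seconds 60 --hitcount 4` form, which only starts dropping an address after four new connections in a minute, so a legitimate user who reconnects once is not locked out. The per-address stamp limit of 20 is an assumption taken from the kernel module's default `ip_pkt_list_tot`; the addresses and attempt times are constructed sample input.

```python
"""Model of the iptables xt_recent match semantics used in SSH rate-limiting rules."""
from collections import defaultdict

# Assumption: default ip_pkt_list_tot of the xt_recent module (stamps kept per address).
PKT_LIST_TOT = 20


class RecentTable:
    """One named 'recent' list (e.g. --name SSH): source address -> timestamps."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def _add_stamp(self, addr, now):
        lst = self.stamps[addr]
        lst.append(now)
        if len(lst) > PKT_LIST_TOT:      # ring buffer: keep the newest entries
            del lst[0]

    def set(self, addr, now):
        """--set: add or refresh the address; always matches."""
        self._add_stamp(addr, now)
        return True

    def update(self, addr, now, seconds=0, hitcount=1):
        """--update [--seconds S] [--hitcount N]: match if the address has at
        least N stamps no older than S seconds (S=0: any age). On a match the
        current packet's timestamp is added, which is what keeps a hammering
        client blocked for as long as it keeps trying."""
        lst = self.stamps.get(addr)
        if not lst:
            return False
        hits = sum(1 for t in lst if not seconds or now - t <= seconds)
        if hits >= hitcount:
            self._add_stamp(addr, now)
            return True
        return False


def kay_chain(table, addr, now):
    """The two rules from the post, in order:
    --update --seconds 30 -j DROP, then --set -j ACCEPT."""
    if table.update(addr, now, seconds=30):
        return "DROP"
    table.set(addr, now)
    return "ACCEPT"


def hitcount_chain(table, addr, now, seconds=60, hitcount=4):
    """Common variant: --set first, then --update --seconds 60 --hitcount 4 -j DROP.
    The 4th new connection within a minute (and every one after it) is dropped."""
    table.set(addr, now)
    if table.update(addr, now, seconds=seconds, hitcount=hitcount):
        return "DROP"
    return "ACCEPT"


def simulate(chain, attempts):
    """Run a list of (time_in_seconds, source_addr) new-connection attempts
    through a chain with a fresh recent-list; return the verdict per attempt."""
    table = RecentTable()
    return [chain(table, addr, t) for t, addr in attempts]


if __name__ == "__main__":
    # Constructed sample input: a scanner trying every 2 s, and a legitimate
    # user who reconnects 10 s after closing a session.
    scanner = [(t, "203.0.113.5") for t in range(0, 40, 2)]
    user = [(0, "198.51.100.7"), (10, "198.51.100.7"), (100, "198.51.100.7")]
    for name, chain in (("post", kay_chain), ("hitcount", hitcount_chain)):
        print(name, "scanner:", simulate(chain, scanner))
        print(name, "user:   ", simulate(chain, user))
```

In the post's chain the user's reconnect at 10 s is dropped (the drawback Kay mentions), while in the hitcount chain it is accepted; both chains accept the scanner's first attempt and drop the rest. Either way, `--update` rather than `--rcheck` in the DROP rule is what makes the block self-extending: each dropped attempt refreshes the timestamp, so the scanner stays blocked until it goes quiet for the full window.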

