Re: Ideas for stopping ssh brute force attacks




"Bo Lynch" <blynch@xxxxxxxxxxxxxxxxx> wrote:

>>
Just wanted to know if anyone had any experience with anything like these
programs or have any other advice.
<<

No need for any add-ons. Just do two things:

1. Disable password logins. In /etc/ssh/sshd_config, add

PasswordAuthentication no

Now you will have to authenticate by private key, but that's always been
the best idea, anyway. Now the script kiddies can bang on your system all
day and they won't get anywhere.

2. If the bandwidth they're wasting continues to annoy you, then rate-limit
connections to the ssh port. Using the default firewall config in
/etc/sysconfig/iptables, add this:

# Rate limit connections to port 22 to slow SSH brute force attacks
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m limit --limit 1/minute
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update --seconds 180 --hitcount 3 -j DROP

Then restart the iptables service. That'll slow them right down, if they
can even figure out what's going on.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
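
The three iptables rules in the message above, modelled in Python as an added example (not part of the original message and not iptables code). It shows which new connections the `recent` match would drop for a given sequence of attempts; the model is a simplification, and the addresses, times and function names are constructed for illustration.

```python
from collections import defaultdict

SECONDS, HITCOUNT = 180, 3        # --seconds 180 --hitcount 3

# Constructed sample: (seconds since start, source address) of NEW connections
# to port 22. Addresses are documentation ranges, not real hosts.
SAMPLE = (
    [(t, "203.0.113.7") for t in (0, 10, 20, 30, 150, 400)]    # password guesser
    + [(t, "198.51.100.20") for t in (0, 400, 800)]            # occasional admin login
    + [(t, "192.0.2.10") for t in (600, 620, 640)]             # scripted scp burst
)


def simulate(attempts):
    """Return (time, source, verdict) for each NEW connection, in time order.

    Simplified model (an assumption, not kernel code):
      rule 1 (-m limit, no -j target) never decides a packet's fate;
      rule 2 (--set) records the arrival time for the source address;
      rule 3 (--update) matches when at least HITCOUNT recorded times fall
      within the last SECONDS, records the time again, and DROPs.
    Packets that are not dropped are assumed to be accepted by a later rule.
    """
    seen = defaultdict(list)                  # source -> recorded arrival times
    verdicts = []
    for now, src in sorted(attempts):
        seen[src].append(now)                                  # rule 2: --set
        recent = [t for t in seen[src] if now - t <= SECONDS]
        if len(recent) >= HITCOUNT:                            # rule 3: --update
            seen[src].append(now)             # a match refreshes "last seen"
            verdicts.append((now, src, "DROP"))
        else:
            verdicts.append((now, src, "pass"))
    return verdicts


def verdicts_for(src, attempts=SAMPLE):
    """Verdicts for one source address, in time order."""
    return [v for _, s, v in simulate(attempts) if s == src]


if __name__ == "__main__":
    for now, src, verdict in simulate(SAMPLE):
        print(f"t={now:>4}s  {src:<15} {verdict}")
```

In this model the third new connection from one address inside 180 seconds is dropped, which also catches the scripted burst from 192.0.2.10. The guesser gets through again only after staying quiet for more than 180 seconds.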
