[CentOS] How to delay failed ssh auth

linux-crazy hicheerup at gmail.com
Fri Nov 28 10:43:50 UTC 2008


Hi,

  You can create the iptables rules to block the ssh connection limit rate wise.


Create a new chain named ssh_check

/sbin/iptables -N SSH_CHECK

Redirecting all request for 22 port to new chain SSH_CHECK

/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK

Then  allow all of your valid remote ip's that are allowed to login

/sbin/iptables -I SSH_CHECK  1 -s 1.2.3.4 -j  ACCEPT
/sbin/iptables -I SSH_CHECK  2 -s 10.10.2.2 -j ACCEPT

Then for the rest of the ip it wont allow more than 4 connection
within this 60 seconds interval, its useful to prevent brute force
attack.

/sbin/iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount
4 --name SSH -j DROP

Regards.
crazy paps

On Fri, Nov 28, 2008 at 12:36 PM, Veiko Kukk <veiko.kukk at krediidipank.ee> wrote:
> Hi!
>
> I need to delay failed ssh password authentication as an additional measure
> against brute force ssh attacks. I understand, that shoud be accomplished
> through pam, but googling gave me no example. I have CentOS 5.2.
>
> --
> Veiko Kukk
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


More information about the CentOS mailing list