[CentOS] How to delay failed ssh auth
linux-crazy
hicheerup at gmail.com
Fri Nov 28 10:43:50 UTC 2008
Hi,
You can create iptables rules to limit the rate of SSH connections.
Create a new chain named SSH_CHECK
/sbin/iptables -N SSH_CHECK
Redirect all requests for port 22 to the new chain SSH_CHECK
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
Then allow all of your valid remote IPs that are allowed to log in
/sbin/iptables -I SSH_CHECK 1 -s 1.2.3.4 -j ACCEPT
/sbin/iptables -I SSH_CHECK 2 -s 10.10.2.2 -j ACCEPT
Then for the rest of the IPs it won't allow more than 4 connections
within a 60-second interval; it's useful to prevent brute-force
attacks.
/sbin/iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
# --update only checks the list; this --set rule is what records each attempt,
# without it the list stays empty and the DROP rule above never matches
/sbin/iptables -A SSH_CHECK -m recent --set --name SSH
Regards.
crazy paps
On Fri, Nov 28, 2008 at 12:36 PM, Veiko Kukk <veiko.kukk at krediidipank.ee> wrote:
> Hi!
>
> I need to delay failed ssh password authentication as an additional measure
> against brute force ssh attacks. I understand that should be accomplished
> through pam, but googling gave me no example. I have CentOS 5.2.
>
> --
> Veiko Kukk
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
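The SSH_CHECK ruleset from the reply above, written out as a complete, idempotent script. This is an added example and not code from either poster. It assumes an iptables with the "recent" match (xt_recent, or ipt_recent on older kernels), sshd listening on port 22, and that 1.2.3.4 and 10.10.2.2 are placeholder trusted addresses; the function names (build_ssh_check, hook_input, show_tracked) and the IPT/SSH_PORT/WINDOW/HITCOUNT variables are this example's own. Setting IPT=echo prints the commands instead of applying them, so the ruleset can be reviewed without root.

```sh
#!/bin/sh
# Added example, not part of the original post: the SSH_CHECK ruleset as an
# idempotent script, including the "--set" rule that populates the recent
# list (without it the DROP rule never matches).
# Assumptions: iptables with the "recent" match (xt_recent/ipt_recent), sshd on
# port 22; 1.2.3.4 / 10.10.2.2 in the usage line are placeholder trusted IPs.
# Set IPT=echo to print the commands instead of applying them (dry run).

IPT="${IPT:-/sbin/iptables}"
SSH_PORT="${SSH_PORT:-22}"
WINDOW="${WINDOW:-60}"     # seconds the recent list remembers a source
HITCOUNT="${HITCOUNT:-4}"  # the HITCOUNT-th new connection inside WINDOW is dropped

# build_ssh_check TRUSTED_IP... : (re)create the SSH_CHECK chain.
build_ssh_check() {
    # Creating an existing chain fails; flushing it makes the rebuild idempotent.
    "$IPT" -N SSH_CHECK 2>/dev/null || true
    "$IPT" -F SSH_CHECK

    # Trusted sources bypass the rate limit entirely.
    for ip in "$@"; do
        "$IPT" -A SSH_CHECK -s "$ip" -j ACCEPT
    done

    # Drop the source if it already has HITCOUNT hits inside WINDOW. --update
    # also refreshes the timestamp, so a client that keeps hammering stays
    # blocked until it is quiet for WINDOW seconds.
    "$IPT" -A SSH_CHECK -m recent --update --seconds "$WINDOW" \
        --hitcount "$HITCOUNT" --name SSH -j DROP

    # Record this attempt in the list and fall through to the rest of INPUT
    # (no -j here, so an INPUT policy of DROP still needs its own ACCEPT for SSH).
    "$IPT" -A SSH_CHECK -m recent --set --name SSH
}

# hook_input: send new TCP connections to SSH_PORT through SSH_CHECK. The
# delete-then-append pattern avoids stacking duplicate jumps on iptables
# versions that lack -C.
hook_input() {
    "$IPT" -D INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j SSH_CHECK 2>/dev/null || true
    "$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j SSH_CHECK
}

# show_tracked: list the sources currently in the recent list with their hit
# timestamps; the proc path depends on the kernel's module name.
show_tracked() {
    for f in /proc/net/xt_recent/SSH /proc/net/ipt_recent/SSH; do
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    echo "recent list SSH not found (chain not built yet?)" >&2
    return 1
}

# Usage: IPT=echo sh ssh_check.sh 1.2.3.4 10.10.2.2   # dry run
#        sh ssh_check.sh 1.2.3.4 10.10.2.2            # apply, as root
if [ "$#" -gt 0 ]; then
    build_ssh_check "$@"
    hook_input
fi
```

After applying, show_tracked prints the addresses the recent match is counting, which is the quickest way to confirm the --set rule is actually recording attempts before trusting the DROP rule to fire.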