Hi,
You can create iptables rules to rate-limit ssh connections.
Create a new chain named SSH_CHECK
/sbin/iptables -N SSH_CHECK
Redirect all requests for port 22 to the new chain SSH_CHECK
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
Then allow all of your valid remote IPs that are allowed to log in
/sbin/iptables -I SSH_CHECK 1 -s 1.2.3.4 -j ACCEPT
/sbin/iptables -I SSH_CHECK 2 -s 10.10.2.2 -j ACCEPT
Then for the rest of the IPs it won't allow more than 4 connections within a 60-second interval; it's useful to prevent brute-force attacks.
/sbin/iptables -A SSH_CHECK -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
# record this connection attempt in the SSH list; without this --set rule the list stays empty and the DROP rule above never matches
/sbin/iptables -A SSH_CHECK -m recent --set --name SSH
Regards. crazy paps
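To check what the SSH_CHECK chain actually does to a stream of connection attempts, here is a small Python model of the xt_recent matching logic behind the two rules (added example, not part of the thread); the addresses and timestamps are constructed test data, and the whitelist, window and hit count mirror the rules above.

```python
"""Model of the SSH_CHECK chain: whitelist ACCEPT rules, then
'-m recent --update --seconds 60 --hitcount 4 -j DROP', then
'-m recent --set'.  Replays the kernel's decision logic on constructed
timestamps so the effect of the rule order can be checked offline."""

WHITELIST = {"1.2.3.4", "10.10.2.2"}   # the two ACCEPT rules in SSH_CHECK
SECONDS, HITCOUNT = 60, 4              # --seconds 60 --hitcount 4


def ssh_check(attempts, whitelist=WHITELIST, seconds=SECONDS,
              hitcount=HITCOUNT, set_rule=True):
    """Return one verdict per (timestamp_seconds, source_ip) attempt.

    'ACCEPT'   - whitelisted address
    'DROP'     - rate limit reached
    'CONTINUE' - chain falls through to the rest of INPUT
    set_rule=False models the chain without the trailing --set rule."""
    stamps = {}          # the 'SSH' recent list: ip -> list of hit timestamps
    verdicts = []
    for ts, ip in attempts:
        if ip in whitelist:
            verdicts.append("ACCEPT")
            continue
        # --update --seconds N --hitcount M matches only when an entry exists
        # and at least M hits fall inside the last N seconds.  On a match the
        # kernel also records this packet as a fresh hit, which keeps a
        # hammering client blocked until it backs off for the full window.
        hits = stamps.get(ip)
        if hits is not None and \
                sum(1 for t in hits if t >= ts - seconds) >= hitcount:
            hits.append(ts)
            verdicts.append("DROP")
            continue
        # --set creates the entry or records another hit; it has no target,
        # so the packet continues down INPUT.  Without it nothing is ever
        # counted and the DROP rule can never match.
        if set_rule:
            stamps.setdefault(ip, []).append(ts)
        verdicts.append("CONTINUE")
    return verdicts


if __name__ == "__main__":
    # constructed burst: one client, attempts at 0,10,...,50 s and again at 100 s
    burst = [(t, "203.0.113.9") for t in (0, 10, 20, 30, 40, 50, 100)]
    for (ts, ip), verdict in zip(burst, ssh_check(burst)):
        print(f"t={ts:3d}s {ip} -> {verdict}")
```

With the rules in this order the fourth attempt within 60 s is still let through and the fifth is dropped; once the client is quiet long enough for its hits to age out of the window, it is counted from scratch again.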
On Fri, Nov 28, 2008 at 12:36 PM, Veiko Kukk veiko.kukk@krediidipank.ee wrote:
Hi!
I need to delay failed ssh password authentication as an additional measure against brute-force ssh attacks. I understand that it should be accomplished through PAM, but googling gave me no example. I have CentOS 5.2.
-- Veiko Kukk
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos