Re: [CentOS] Securing SSH

20 Apr 2008


      On Tue, Apr 15, 2008 at 10:29:16AM -0700, Tim Alberts wrote:
...
Ned Slider wrote:
...
...
Tim Alberts wrote:
...
So I setup ssh on a server so I could do some work from home and I think 
the second I opened it every sorry monkey from around the world has been 
trying every account name imaginable to get into the system.
What's a good way to deal with this?
The Wiki has an article here on just this:
http://wiki.centos.org/HowTos/Network/SecuringSSH
I've been experimenting with the iptables filtering with the recent module, 
but I have not yet had success.  I do have my default policy to reject with 
icmp and I've read the note that the default should be DROP.  Is this the 
problem?
I use the following iptables rules to halt the hammering:
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--update --seconds 60 --hitcount 3 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent
--set
note wrapping of commands.
Chip
-- 
------
    			**** Warning ****
This e-mail message, without warrant or warning, and despite US law as set
forth in the Foreign Intelligence Surveillance Act of 1978, may be subject
to monitoring by the United States National Security Agency and/or the
Department of Defense. Information contained in this message may be used
against any senders or recipients, now or in the future, in a public trial
or secret tribunal.
                       Please encrypt anything important.
    PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] Securing SSH