[CentOS-docs] Fwd: mistake on Securing SSH

Timothy Lee

timothy.ty.lee at gmail.com
Thu Mar 7 02:28:43 UTC 2013


This was sent to me regarding the wiki.
---------- Forwarded message ----------
From: "Martin Koníček" <mkonicek12 at gmail.com>
Date: Mar 7, 2013 4:44 AM
Subject: mistake on Securing SSH
To: <timothy.ty.lee at gmail.com>
Cc:

Hi TImothy,

I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is
pretty good, but there is a mistake.

*Instead of having*
iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60
--hitcount 4 --name ssh --rsource -j ACCEPT

*You should have*
iptables -A INPUT -p tcp --dport 22 *-m state --state NEW* -m recent --set
--name ssh --rsource
iptables -A INPUT -p tcp --dport 22 *-m state --state NEW* -m recent !
--rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

Brgds.
--
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-docs/attachments/20130307/85af321c/attachment-0002.html>


More information about the CentOS-docs mailing list