[CentOS] Problem SSH

Wed Oct 26 15:10:22 UTC 2005
James B. Byrne <ByrneJB at Harte-Lyne.ca>

On Tue, 25 Oct 2005 10:54:16 -0700, Benjamin Smith <lists at benjamindsmith.com> wrote:

> Based on your question, I'll consider that you're pretty much
> using a standard iptables config. 
> 
> edit /etc/sysconfig/iptables 
> 
> Add the following line, somewhere in the middle - it allows
> inbound connections to TCP port 22: 
> 
> -A RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT
> 
> If you want to restrict access to a single IP address try this,  
> it allows inbound connections to port 22 from ip address 1.2.3.4:
> 
> -A RH-Firewall-1-INPUT -p tcp -s 1.2.3.4/32 --dport 22 -j ACCEPT
> 
> Then restart iptables 
> /etc/rc.d/init.d/iptables restart; 

If you also wish to throttle new connections to the sshd daemon (a 
most useful security measure in my opinion) then you can add this 
to the top of your INPUT chain as well:

# sshd new connection attempts throttled to 4/min./IP addr.
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
# Add new sshd connection attempt to recent ip list
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW --set --name DEFAULT --rsource

You can alter the comparison period and connection rate values by 
altering the arguments for --seconds and --hitcount appropriately.  
For example, to permit no more than twelve connections from a 
single IP address within any five minute period, use --seconds 
300 --hitcount 12.

Regards,
Jim

--   
     *** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne                Harte & Lyne Limited
vox: +1 905 561 1241          9 Brockley Drive
fax: +1 905 561 0757          Hamilton, Ontario
<token> = hal                 Canada L8E 3C3
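To see how the --set/--update rule pair behaves attempt by attempt, here is an added Python simulation of the xt_recent semantics the two rules rely on (example code written for this page, not from the post or the CentOS project); the source addresses, timestamps and the MAX_STAMPS value are constructed assumptions.

```python
# Simulation of the two-rule xt_recent throttle (--set / --update --seconds 60
# --hitcount 4 -j DROP). The kernel's "recent" list is modelled as a dict
# mapping source address -> ring of arrival stamps.
from collections import deque

MAX_STAMPS = 20  # assumed: kernel keeps the last ip_pkt_list_tot stamps (default 20)


def simulate(attempts, seconds=60, hitcount=4):
    """Walk NEW tcp/22 packets through the two rules in order.

    attempts: list of (time_in_seconds, source_ip) in arrival order.
    Returns one verdict per attempt: "DROP" if rule 1 matched, otherwise
    "CONTINUE" (rule 2 recorded the stamp and the packet goes on down the
    INPUT chain, e.g. to an ACCEPT rule for port 22).
    """
    table = {}
    verdicts = []
    for now, src in attempts:
        entry = table.get(src)
        # Rule 1: --update --seconds S --hitcount H -j DROP
        # Matches only if the address is already listed and at least H of its
        # stamps fall inside the last S seconds; on a match --update records
        # the current time too, so a client that keeps retrying keeps itself
        # blocked until its window of stamps finally ages out.
        if entry is not None:
            hits = sum(1 for t in entry if now - t <= seconds)
            if hits >= hitcount:
                entry.append(now)
                verdicts.append("DROP")
                continue
        # Rule 2: --set with no -j: always records the attempt and lets the
        # packet fall through to the rest of the chain.
        table.setdefault(src, deque(maxlen=MAX_STAMPS)).append(now)
        verdicts.append("CONTINUE")
    return verdicts


# Constructed trace: 10.0.0.5 retries every 10 s or so, 10.0.0.9 connects once.
TRACE = [(0, "10.0.0.5"), (10, "10.0.0.5"), (20, "10.0.0.5"), (30, "10.0.0.5"),
         (31, "10.0.0.9"), (40, "10.0.0.5"), (45, "10.0.0.5"), (100, "10.0.0.5")]

if __name__ == "__main__":
    for (t, src), verdict in zip(TRACE, simulate(TRACE)):
        print(f"t={t:3d}s {src:<9} {verdict}")
```

The fifth attempt within 60 seconds is the first one dropped, and the retry at t=45 extends the block; by t=100 only the stamps from t=40 and t=45 are still inside the window, so the client is admitted again.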