[CentOS] Securing SSH

Sun Apr 20 14:31:07 UTC 2008
Chris 'Chipper' Chiapusio <chipper at llamas.net>

On Tue, Apr 15, 2008 at 10:29:16AM -0700, Tim Alberts wrote:
> Ned Slider wrote:
>>> Tim Alberts wrote:
>>>> So I set up ssh on a server so I could do some work from home and I think 
>>>> the second I opened it every sorry monkey from around the world has been 
>>>> trying every account name imaginable to get into the system.
>>>> What's a good way to deal with this?
>> The Wiki has an article here on just this:
>> http://wiki.centos.org/HowTos/Network/SecuringSSH
> I've been experimenting with the iptables filtering with the recent module, 
> but I have not yet had success.  I do have my default policy to reject with 
> icmp and I've read the note that the default should be DROP.  Is this the 
> problem?

I use the following iptables rules to halt the hammering:

/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent \
    --update --seconds 60 --hitcount 3 -j DROP
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent

note wrapping of commands.


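
Added example, not part of the original message: a small Python model of how the recent-module rule above treats repeated NEW connections to port 22 from one source, using constructed timestamps and documentation-range addresses. It assumes the cut-off second rule records the source with --set, and it goes beyond the message by also modelling --rcheck (the variant that does not refresh the entry on a match) for comparison.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # module default ip_pkt_list_tot: timestamps kept per source

class RecentList:
    """Minimal model of one iptables 'recent' list, keyed by source address."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def hits(self, src, now, seconds):
        # Count recorded timestamps for src that fall inside the window.
        return sum(1 for t in self.stamps[src] if now - t <= seconds)

    def record(self, src, now):
        self.stamps[src].append(now)

def filter_new_ssh(events, mode="update", seconds=60, hitcount=3):
    """Run (time, src) NEW connections to port 22 through the two-rule chain.

    Rule 1: -m recent --update|--rcheck --seconds S --hitcount H -j DROP
    Rule 2: -m recent --set   (assumed; the second rule in the message is cut off)
    Returns a list of (time, src, verdict).
    """
    table, out = RecentList(), []
    for now, src in events:
        if table.hits(src, now, seconds) >= hitcount:
            if mode == "update":      # --update also records the dropped attempt
                table.record(src, now)
            out.append((now, src, "DROP"))
            continue
        table.record(src, now)        # rule 2: --set records the source
        out.append((now, src, "PASS"))
    return out

# Constructed sample: one source retrying every 10 s for 5 minutes,
# plus an admin who connects twice from a different address.
ATTACK = [(t, "203.0.113.7") for t in range(0, 300, 10)]
ADMIN = [(5, "198.51.100.20"), (200, "198.51.100.20")]
EVENTS = sorted(ATTACK + ADMIN)

def passed(mode, src="203.0.113.7"):
    """Times at which connections from src were let through."""
    return [t for t, s, v in filter_new_ssh(EVENTS, mode) if s == src and v == "PASS"]

if __name__ == "__main__":
    print("--update lets through:", passed("update"))
    print("--rcheck lets through:", passed("rcheck"))
```

With --update every dropped attempt extends the block, so a source that keeps retrying stays blocked until it has been quiet for the full window; with --rcheck the same source gets a fresh burst through each time the old entries age out.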