[CentOS] Ideas for stopping ssh brute force attacks

Les Bell lesbell at lesbell.com.au
Mon Jul 21 21:26:21 UTC 2008

"Bo Lynch" <blynch at ameliaschools.com> wrote:

Just wanted to know if anyone had any experience with anything like these
programs or have any other advice.

No need for any add-ons. Just do two things:

1. Disable password logins. In /etc/ssh/sshd_config, add

PasswordAuthentication no

Now you will have to authenticate by private key, but that's always been
the best idea, anyway. Now the script kiddies can bang on your system all
day and they won't get anywhere.

2. If the bandwidth they're wasting continues to annoy you, then rate-limit
connections to the ssh port. Using the default firewall config in
/etc/sysconfig/iptables, add this:

# Rate limit connections to port 22 to slow SSH brute force attacks
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m limit --limit
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --set
-A INPUT -p tcp --dport 22 -i eth1 -m state --state NEW -m recent --update
--seconds 180 --hitcount 3 -j DROP

Then restart the iptables service. That'll slow them right down, if they
can even figure out what's going on.


--- Les Bell
Tel: +61 2 9451 1144
FreeWorldDialup: 800909

More information about the CentOS mailing list