[plug] firewalling ssh
Bernd Felsche
bernie at innovative.iinet.net.au
Mon Jan 8 18:27:22 WST 2007
Tim Bowden <tim.bowden at westnet.com.au> writes:
>I'm trying to protect a debian box from ssh attacks. I need to be
>able to ssh in from anywhere so I need to keep port 22 open. What I
>would like to do though is drop connection requests from any
>address that attempts to connect more than three or four times in
>less than a minute. Any ideas on how to do it? What I'd like to
You've never mis-typed a password? Twice?
>do is an iptables rule that does rate limiting syn packets per each
>source address but I don't believe that's possible (at least out of
>the box).
You should also look at "port knocking".
This means that you don't run the sshd (at the usual port) but with
a deft sequence of hitting a pre-defined sequence of ports within a
short period of time, you then set the sshd to listen to the IP
address from which you're knocking... for a minute.
Connection by pre-shared key is also possible, which frustrates
dictionary attacks for trying to get access. Change the key
irregularly.
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | "If we let things terrify us,
 X  against HTML mail     | life will not be worth living."
/ \ and postings          | Lucius Annaeus Seneca, c. 4BC - 65AD.
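Per-source rate limiting of new SSH connections, the thing the question asks for, can be done with the iptables "recent" match. The script below is an added example and is not from either poster: it assumes sshd is on port 22, that the kernel has the xt_recent (older name: ipt_recent) module, and that these rules are inserted before any blanket ACCEPT for the port. Passing "echo" as the first argument prints the rules instead of loading them, which is how the script can be checked without root.

```sh
#!/bin/sh
# Added example (not from the original thread): drop new SSH connections
# from any source address that has opened more than three in the last
# minute, using the iptables "recent" match. Run as root to load.
#
#   $1  command to run (default: iptables; use "echo" to preview)
#   $2  sshd port (assumed 22)
#   $3  window in seconds (60)
#   $4  hit count at which the source is dropped (4, i.e. three allowed)
ssh_ratelimit_rules() {
    ipt="${1:-iptables}"
    port="${2:-22}"
    window="${3:-60}"
    limit="${4:-4}"

    # Every new TCP connection to sshd records the source address and a
    # timestamp in a kernel-side list named SSH.
    "$ipt" -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name SSH --set

    # If this source already has "limit" timestamps within the last
    # "window" seconds, drop the SYN. --update also refreshes the entry,
    # so a host that keeps hammering stays blocked until it has been
    # quiet for a whole window; use --rcheck instead if you prefer the
    # block to expire regardless of further attempts.
    "$ipt" -A INPUT -p tcp --dport "$port" -m state --state NEW \
        -m recent --name SSH --update --seconds "$window" \
        --hitcount "$limit" -j DROP

    # Connections under the limit are accepted.
    "$ipt" -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
}

# Weak alternative for contrast: "-m limit" is a single global bucket,
# not per source, so one noisy address also throttles the legitimate admin.
ssh_ratelimit_rules_global_weak() {
    ipt="${1:-iptables}"
    "$ipt" -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m limit --limit 4/minute -j ACCEPT
}

# Show which sources the kernel currently remembers (root only); path
# depends on kernel version.
ssh_ratelimit_show() {
    cat /proc/net/xt_recent/SSH 2>/dev/null \
        || cat /proc/net/ipt_recent/SSH 2>/dev/null
}
```

Three mistyped passwords inside one TCP session do not count against the limit, because the match only looks at NEW connections; what gets dropped is the fourth separate connection attempt within a minute. The entries expire on their own, so a legitimate user who trips the limit only has to wait a minute.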