[plug] firewalling ssh
Adrian Woodley
Adrian at Diskworld.com.au
Tue Jan 9 00:54:43 WST 2007
I'm personally not a huge fan of Port Knocking - it smacks of "security
through obscurity".
Using ssh keys is a much more convenient and secure method of protecting
both your password and your ssh server (it's the current basis for access
at my work). If you're frequently on strange/different machines then
keeping your private key and a known_hosts file on a thumb-drive is a
convenient way of authenticating both yourself and your server (avoid
Man-in-the-Middle attacks).
Alternatively there's Ajaxterm
(http://antony.lesuisse.org/qweb/trac/wiki/AjaxTerm) as run on
https://ssh.diskworld.com.au :P
(I'll wake up tomorrow to find Bernard has 'sploited my box through this
little gateway - he's a dodgy character that one; heard he was spoofing
MAC addresses yesterday!).
Adrian
Bernd Felsche wrote:
> Tim Bowden <tim.bowden at westnet.com.au> writes:
>
>> I'm trying to protect a debian box from ssh attacks. I need to be
>> able to ssh in from anywhere so I need to keep port 22 open. What I
>> would like to do though is drop connection requests from any
>> address that attempts to connect more than three or four times in
>> less than a minute. Any ideas on how to do it? What I'd like to
>>
>
> You've never mis-typed a password? Twice?
>
>> do is an iptables rule that does rate limiting syn packets per each
>> source address but I don't believe that's possible (at least out of
>> the box).
>
> You should also look at "port knocking".
>
> This means that you don't run the sshd (at the usual port) but with
> a deft sequence of hitting a pre-defined sequence of ports within a
> short period of time, you then set the sshd to listen to the IP
> address from which you're knocking... for a minute.
>
> Connection by pre-shared key is also possible which frustrates
> dictionary attacks for trying to get access. Change the key
> irregularly.
>
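Editor's added example (not part of the thread, and not code from any of the posters): Tim's per-source SYN rate limit is in fact possible with stock netfilter via the "recent" match (xt_recent), which keeps a per-address list of timestamps. The Python below models the two-rule chain shown in its header comment so you can see exactly which connection attempts get dropped, using constructed SYN events for two made-up addresses (203.0.113.7 hammering, 198.51.100.23 mistyping a password twice). Assumed: sshd on tcp/22, the rules placed in INPUT in the order shown, and xt_recent's default limit of 20 stored stamps per address. The rate limit counts new TCP connections, not authentication failures, so Bernd's two mistyped passwords inside one ssh session never count against you; only reconnecting does. Two caveats a practitioner should keep in mind: the counter is keyed on SYNs before any handshake completes, so forged SYNs carrying a victim's source address can lock that address out for a minute, and everyone behind a shared NAT address shares one counter.

```python
# Added example: a model of the netfilter "recent" match behind a per-source
# SSH connection rate limit. Assumptions (mine, not the list's): sshd on
# tcp/22, xt_recent loaded, and these two rules in this order in INPUT:
#
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
#       -m recent --name ssh --set
#   iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
#       -m recent --name ssh --update --seconds 60 --hitcount 4 -j DROP
#
# Rule 1 has no target: it records the attempt and lets the packet continue.
# Rule 2 drops the attempt when the source already has 4 or more recorded
# attempts newer than 60 s ago; --update also records the dropped attempt, so
# a host that keeps retrying keeps topping up its own record.
from collections import defaultdict

WINDOW_SECONDS = 60
HITCOUNT = 4
MAX_STAMPS = 20  # xt_recent ip_pkt_list_tot default; hitcount cannot exceed it


class RecentTable:
    """Per-source timestamp list, mimicking one xt_recent list (--name ssh)."""

    def __init__(self, window=WINDOW_SECONDS, hitcount=HITCOUNT,
                 max_stamps=MAX_STAMPS):
        self.window = window
        self.hitcount = hitcount
        self.max_stamps = max_stamps
        self.stamps = defaultdict(list)

    def set(self, src, now):
        """--set: record this packet's time for src; oldest stamp evicted when full."""
        st = self.stamps[src]
        st.append(now)
        if len(st) > self.max_stamps:
            del st[0]

    def update_matches(self, src, now):
        """--update --seconds W --hitcount N: match when src has >= N stamps
        newer than now - W. On a match the current time is recorded as well."""
        st = self.stamps.get(src)
        if not st:
            return False
        hits = sum(1 for t in st if t > now - self.window)
        if hits >= self.hitcount:
            self.set(src, now)  # the --update side effect
            return True
        return False


def filter_syns(events, table=None):
    """Run (time_seconds, source_ip) SYN events through the two-rule chain.
    Returns [(time, source_ip, 'ACCEPT' | 'DROP'), ...] in time order."""
    table = table or RecentTable()
    verdicts = []
    for now, src in sorted(events):
        table.set(src, now)                  # rule 1: record, fall through
        if table.update_matches(src, now):   # rule 2: threshold hit -> DROP
            verdicts.append((now, src, "DROP"))
        else:
            verdicts.append((now, src, "ACCEPT"))  # sshd still authenticates it
    return verdicts


# Constructed sample traffic (not captured data):
#  203.0.113.7   scans every 2 s, then comes back after a quiet minute
#  198.51.100.23 is Tim, mistyping his password twice before getting in
SAMPLE_EVENTS = [
    (0, "203.0.113.7"), (1, "198.51.100.23"), (2, "203.0.113.7"),
    (4, "203.0.113.7"), (6, "203.0.113.7"), (8, "203.0.113.7"),
    (10, "203.0.113.7"), (20, "198.51.100.23"), (35, "198.51.100.23"),
    (71, "203.0.113.7"),
]

if __name__ == "__main__":
    for t, ip, verdict in filter_syns(SAMPLE_EVENTS):
        print(f"t={t:3d}s  {ip:15s}  {verdict}")
```

Running it, 203.0.113.7 gets three connections through, is dropped from the fourth SYN onward, and is admitted again at t=71 once all its stamps are older than the 60 s window; 198.51.100.23 is never touched. To tune, trade off `--hitcount` against `--seconds`; to see the live table on the box itself, read `/proc/net/xt_recent/ssh` (`/proc/net/ipt_recent/ssh` on older kernels).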