BlockSSHD version 0.5 released (SourceForge)

Posted Jul 20, 2006 10:00 UTC (Thu) by nix (subscriber, #2304)
Parent article: BlockSSHD version 0.5 released (SourceForge)

Alternatively you could protect them from SSH brute force attacks by allowing only challenge-response authentication and disabling password authentication on machines exposed to the Internet.

Automatically updating iptables like this is tantamount to handing attackers a way to get your system to block anything they like, on command. Helpful for DoS attacks...


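Added here as an example, not code from the thread or from BlockSSHD: a small POSIX sh audit of an sshd_config for the setting nix recommends (password logins off) before a host is exposed. It follows one rule that catches people out: sshd keeps the first value it reads for a keyword, so a "PasswordAuthentication no" appended below an earlier "yes" changes nothing. It treats ChallengeResponseAuthentication and its newer name KbdInteractiveAuthentication as one setting. Assumptions: no Match blocks are in use (parsing stops at the first one), absent keywords fall back to the compiled-in default of "yes" for these two keys, and the two sample configs are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the LWN thread or from BlockSSHD: check an
# sshd_config for password/keyboard-interactive authentication being off.
# sshd uses the FIRST value it reads for a keyword, and this check does too.
# Assumptions: no Match blocks (parsing stops at the first one); the sample
# configs below are constructed, not taken from any real host.

# effective_value FILE KEYS -> the value sshd would use, where KEYS is a
# lowercase ERE alternation of accepted spellings (aliases) of one keyword.
# Only correct for keywords whose compiled-in default is "yes", which holds
# for PasswordAuthentication and ChallengeResponse/KbdInteractiveAuthentication.
effective_value() {
    file=$1; keys=$2
    val=$(awk -v k="$keys" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # allow "Key=value"
        tolower($1) == "match" { inmatch = 1 }              # Match block: stop here
        !inmatch && tolower($1) ~ ("^(" k ")$") { print tolower($2); exit }
    ' "$file")
    [ -n "$val" ] || val=yes      # keyword absent: OpenSSH default is "yes"
    printf '%s\n' "$val"
}

# password_auth_disabled FILE -> exit 0 only if both password authentication
# and challenge-response (keyboard-interactive) authentication are "no".
password_auth_disabled() {
    pw=$(effective_value "$1" 'passwordauthentication')
    kbd=$(effective_value "$1" 'challengeresponseauthentication|kbdinteractiveauthentication')
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# write_samples DIR -> two constructed configs: one that still allows
# passwords (the late "no" is ignored by sshd), one that does not.
write_samples() {
    cat > "$1/weak" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
# appended later by a well-meaning admin; sshd keeps the first value above
PasswordAuthentication no
EOF
    cat > "$1/hardened" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication=no
UsePAM yes
EOF
}

# Stand-alone demo: report on both constructed samples.
demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    for f in weak hardened; do
        if password_auth_disabled "$d/$f"; then
            echo "$f: password logins disabled"
        else
            echo "$f: password logins still possible (PasswordAuthentication=$(effective_value "$d/$f" passwordauthentication))"
        fi
    done
    rm -rf "$d"
}
demo
```

On a live host the same question can be answered with `sshd -T | grep -i -e passwordauthentication -e kbdinteractiveauthentication`, which prints the effective values after all parsing; the script above is for auditing config files you are not running sshd on yet.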

BlockSSHD version 0.5 released (SourceForge)

Posted Jul 20, 2006 14:50 UTC (Thu) by fm2503 (guest, #2776)

Still it can get annoying even if you don't have password authentication turned on. iptables can do this quite neatly without the need to monitor logfiles. I use:
#!/bin/sh
# Packets on SSH sessions that were already accepted are never rate limited
iptables -A INPUT -m tcp -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
# The local LAN and one trusted Internet host bypass the limit entirely
iptables -A INPUT -m tcp -p tcp -s My.local.Lan.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s Trusted.Internet.Machine --dport 22 -j ACCEPT
# Everyone else: at most 3 new connections per minute (burst of 3), one bucket shared by all sources
iptables -A INPUT -m tcp -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
# Anything over the limit is logged, then dropped
iptables -A INPUT -m tcp -p tcp --dport 22 -j LOG --log-prefix SSHBRUTE
iptables -A INPUT -m tcp -p tcp --dport 22 -j DROP

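Added here as an example, not code from the thread or from BlockSSHD: the same shape as fm2503's rules, but with the limit kept per source address using the hashlimit match. The `-m limit` bucket in the rules above is shared by every untrusted source, so a single attacker opening three connections a minute locks every other untrusted client out, a version of the DoS lever nix describes. The script prints iptables-restore syntax so the rule set can be reviewed before loading. Port 22, the 3/min rate with a burst of 3, the conntrack match, and the documentation addresses in the usage line are assumptions.

```shell
#!/bin/sh
# Added example, not from the LWN thread or BlockSSHD: per-source SSH
# connection rate limiting with the iptables hashlimit match, emitted in
# iptables-restore syntax. Assumptions: sshd on port 22, 3 new connections
# per minute per source with a burst of 3, conntrack available.

SSH_PORT=22
RATE=3/min
BURST=3

# gen_ssh_rules [TRUSTED_SOURCE ...] -> print a filter-table fragment.
# Trusted sources (addresses or CIDRs) are accepted before the limit.
gen_ssh_rules() {
    printf '%s\n' '*filter'
    # Packets on sessions already accepted are never rate limited.
    printf '%s\n' "-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $src --dport $SSH_PORT -j ACCEPT"
    done
    # One token bucket per client address (srcip): an attacker can only
    # exhaust its own budget, not the budget of every other client.
    printf '%s\n' "-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m hashlimit --hashlimit-name sshbrute --hashlimit-mode srcip --hashlimit-upto $RATE --hashlimit-burst $BURST -j ACCEPT"
    # Over-limit attempts: log (itself rate limited so the log cannot be
    # flooded from outside), then drop.
    printf '%s\n' "-A INPUT -p tcp --dport $SSH_PORT -m limit --limit 5/min -j LOG --log-prefix \"SSHBRUTE: \""
    printf '%s\n' "-A INPUT -p tcp --dport $SSH_PORT -j DROP"
    printf '%s\n' 'COMMIT'
}

# apply_ssh_rules [TRUSTED_SOURCE ...] -> append the rules without flushing
# existing chains. Needs root; review gen_ssh_rules output first.
apply_ssh_rules() {
    gen_ssh_rules "$@" | iptables-restore -n
}

# Stand-alone: print the rule set for one LAN and one trusted host
# (RFC 5737 documentation addresses, constructed for the example).
gen_ssh_rules 192.0.2.0/24 198.51.100.7
```

`--hashlimit-upto` is the spelling in newer iptables releases; older ones take `--hashlimit` for the same thing. Per-source buckets stop one address from starving the rest, but a distributed attack still gets one budget per address; `--hashlimit-srcmask` can widen the bucket to a prefix if that matters, at the cost of the same shared-bucket effect within that prefix.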
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds