Raquel wrote:
On Wed, 28 Jan 2009 11:43:21 +0000 Kevin Philp <kevin@cybercolloids.net> wrote:If you set up a home ssh server and expose it to the internet you will get brute force password break in attempts so make sure you restrict who can log in very tightly and deny root login access as a minimum. We also block connections to our SSH port if someone connects more than a few times in a ten minute period.A good package to install, to help with the brute force attacks isfail2ban.
Even easier and better add the following to your iptables firewall. This monitors your connections to the ssh port and drops the connection if they try more than 4 connections in 10 minutes. I have been using this for a while - works a treat.
references at : http://www.la-samhna.de/library/brutessh.html http://www.ducea.com/2006/06/28/using-iptables-to-block-brute-force-attacks//sbin/iptables -A ssh-connection -i $EXT -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j LOG --log-prefix "SSH_brute_force " /sbin/iptables -A ssh-connection -i $EXT -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 4 --rttl --name SSH -j DROP /sbin/iptables -A ssh-connection -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH -j ACCEPT