[tor-relays] SSH
lists at for-privacy.net
Wed Sep 23 23:11:52 UTC 2020
On 22.09.2020 20:34, George wrote:
> The great secret SSHD security hack that I feel uncomfortable mentioning
> on a public list is... do SSH over IPv6 if you can. Seems like the bots
> haven't caught up to that yet.
;-)
Yeah, only 1 or 2 attempts/YEAR over IPv6, and that's a research project
from a German uni.
I block SSH DDoS attacks with the iptables recent module:
## Drop incoming connections which make more than 4 connection attempts upon port 22 within ten minutes
## To list these damned IPs: 'nano /proc/net/xt_recent/ssh' or 'cat /proc/net/xt_recent/ssh > recent-ssh.txt'
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --set
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --update --seconds 600 --hitcount 4 -j DROP
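To see what those two rules actually do to a burst of attempts, here is an added simulation (my own code, not from Marco's mail) of the xt_recent semantics behind them: --set records a stamp for every NEW packet, --update --seconds 600 --hitcount 4 matches once four stamps sit inside the window and then records one more stamp. The traffic is constructed, and the 20-stamp ring is the kernel's default ip_pkt_list_tot.

```python
from collections import defaultdict

SECONDS = 600        # --seconds 600
HITCOUNT = 4         # --hitcount 4
PKT_LIST_TOT = 20    # xt_recent default ip_pkt_list_tot: stamps kept per source


class RecentList:
    """Per-source ring of packet timestamps, like /proc/net/xt_recent/ssh."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def _add_stamp(self, src, now):
        ring = self.stamps[src]
        ring.append(now)
        if len(ring) > PKT_LIST_TOT:   # kernel overwrites the oldest stamp
            del ring[0]

    def set(self, src, now):
        """'--set': always matches and always records a stamp."""
        self._add_stamp(src, now)
        return True

    def update(self, src, now, seconds, hitcount):
        """'--update --seconds S --hitcount N': match when at least N stamps
        fall inside the last S seconds; a match records one more stamp."""
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits >= hitcount:
            self._add_stamp(src, now)
            return True
        return False


def filter_attempts(attempts, seconds=SECONDS, hitcount=HITCOUNT):
    """Run (time, src) NEW packets through both rules; return the verdicts."""
    recent = RecentList()
    verdicts = []
    for now, src in attempts:
        recent.set(src, now)                                   # rule 1, no target
        dropped = recent.update(src, now, seconds, hitcount)   # rule 2, -j DROP
        verdicts.append((now, src, "DROP" if dropped else "ACCEPT"))
    return verdicts


# Constructed sample: a bot hammering port 22 plus one legitimate admin.
ATTEMPTS = [
    (0, "203.0.113.7"), (0, "198.51.100.9"), (15, "203.0.113.7"),
    (30, "203.0.113.7"), (45, "203.0.113.7"),   # 4th stamp in window -> DROP
    (500, "203.0.113.7"),                       # still hammering -> DROP
    (1000, "203.0.113.7"),                      # only 3 stamps left in window -> ACCEPT
    (1100, "203.0.113.7"),                      # back to 4 inside 600 s -> DROP
    (3600, "198.51.100.9"),                     # admin hours later -> ACCEPT
]

if __name__ == "__main__":
    for now, src, verdict in filter_attempts(ATTEMPTS):
        print(f"t={now:5d}s {src:14s} {verdict}")
```

Note that the block only lasts while the source keeps at least four stamps inside any 600 s window, so a bot that backs off for ten minutes gets through again; that is what the permanent fail2ban recidive ban below adds.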
Fail2ban to block intruders permanently:
[recidive]
enabled = true
# logpath = /var/log/fail2ban.log
# banaction = %(banaction_allports)s
bantime = -1 ; permanent
findtime = 86400 ; 1 day
maxretry = 6
I leave SSH on port 22, but pub-key auth is important,
and only one user or group is authorized to log in. See
AllowUsers user
AllowGroups sshusers
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!