Mailinglist Archive: opensuse (2459 mails)

Re: [opensuse] SuSefirewall - protect sshd
  • From: "Otto Rodusek (AP-SGP)" <otto@xxxxxxxxxxxxxx>
  • Date: Tue, 11 Mar 2008 03:16:19 +0800
  • Message-id: <47D58903.7080505@xxxxxxxxxxxxxx>
Wolfgang Woehl wrote:
> Monday, 10 March 2008 Otto Rodusek (AP-SGP):
>> Patrick Shanahan wrote:
>>> look at the packages: fail2ban
>>> denyhosts
>>
>> Regardless whether I use the above packages, I would still like to
>> limit the number of sshd logins to 3 per minute.
>
> Hi Otto, I hope you don't mind my nitpicking: Doing this you are of
> course effectively denial-of-service'd by your own firewall as none
> of your regular users will be able to catch a slot.
>
> Whitelisting them might be the only way to maintain the service while
> under attack.
>
> Wolfgang

Hi Wolfgang,

Indeed you are correct, and in fact my ssh sessions are very tightly
controlled (only 2 admins have access) and I also keep whitelists (via
hosts.allow, hosts.deny, as well as name access via sshd.conf). This
exercise was basically to keep the robot attacks at bay - it is common
to have several hundred sshd rejections in my logs overnight. I simply
wanted to limit the number of logins from the same ip to only 3 per minute,
and this is where I ran into a brick wall with Susefirewall.

The solution presented by Boyd solved it, and it seems that with his
iptables rules I am now able to restrict the robots to no more than 3
sshd login attempts per minute - plenty of time for my routines to
identify and permanently lock them out. Again thanks for your comments
and help. Rgds. Otto.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
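Boyd's rules are not quoted anywhere in this thread, so what follows is an added example, written for this archive page and not taken from any of the posts, of the usual way to get a "3 new connections per minute per source" limit with the iptables `recent` match. It puts the whitelist Wolfgang asked for in front of the counter so the admins are exempt, counts only new TCP connections to the ssh port, and logs the drops so that a separate script (Otto's "routines") can pick them up. The whitelist addresses are constructed RFC 5737 placeholders, and the `SSH_RATELIMIT` chain name, the `SSH_*` variables and both shell functions are this example's own. Without arguments the script only prints the ruleset so it can be reviewed (or fed to `iptables-restore --test`) without root; with the argument `apply` it loads the rules on top of whatever is already there.

```shell
#!/bin/sh
# Added example (not the rules from the thread): rate-limit NEW SSH
# connections per source address with the iptables "recent" match, with an
# admin whitelist evaluated first so the limit cannot lock the admins out.

# Hosts that are never rate-limited.  Constructed RFC 5737 placeholders;
# replace with the real admin addresses.
SSH_WHITELIST="${SSH_WHITELIST:-192.0.2.10 198.51.100.7}"
SSH_PORT="${SSH_PORT:-22}"
# Attempts allowed per source within the window (3 per minute, as in the thread).
SSH_MAX_NEW="${SSH_MAX_NEW:-3}"
SSH_WINDOW_SECS="${SSH_WINDOW_SECS:-60}"

# Emit the rules in iptables-restore syntax instead of calling iptables
# directly, so the ruleset can be reviewed (or checked with
# "iptables-restore --test") without root.
ssh_ratelimit_rules() {
    # --hitcount matches on the Nth packet seen within --seconds, so allowing
    # SSH_MAX_NEW attempts means matching (and dropping) at hit SSH_MAX_NEW+1.
    _hits=$((SSH_MAX_NEW + 1))
    echo '*filter'
    echo ':SSH_RATELIMIT - [0:0]'
    # Whitelist first: RETURN leaves the chain before any counting happens.
    for _ip in $SSH_WHITELIST; do
        echo "-A SSH_RATELIMIT -s $_ip -j RETURN"
    done
    # Record a timestamp for this source on every new connection.
    echo '-A SSH_RATELIMIT -m recent --name SSH --set'
    # --rcheck only reads the list, so logging does not add a hit; the limit
    # match keeps a persistent bot from flooding the log.
    echo "-A SSH_RATELIMIT -m recent --name SSH --rcheck --seconds $SSH_WINDOW_SECS --hitcount $_hits -m limit --limit 6/min -j LOG --log-prefix \"ssh-ratelimit: \" --log-level 4"
    # --update refreshes the timestamp on a match, so a source that keeps
    # hammering stays blocked until it has been quiet for a full window.
    echo "-A SSH_RATELIMIT -m recent --name SSH --update --seconds $SSH_WINDOW_SECS --hitcount $_hits -j DROP"
    # Only NEW connections are counted; established sessions are untouched.
    echo "-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_RATELIMIT"
    echo 'COMMIT'
}

# Load the rules without flushing the chains that are already loaded.
apply_ssh_ratelimit() {
    if [ "$(id -u)" -ne 0 ]; then
        echo 'apply_ssh_ratelimit: must be root (run without "apply" to print the rules)' >&2
        return 1
    fi
    ssh_ratelimit_rules | iptables-restore --noflush
}

case "${1:-print}" in
    apply) apply_ssh_ratelimit ;;
    *)     ssh_ratelimit_rules ;;
esac
```

Two caveats worth keeping in mind. The counter sees connection attempts, not password guesses: a bot that opens one connection and tries several passwords inside it is never counted, which is exactly the gap fail2ban and denyhosts fill by reading the sshd log. And the whitelist is keyed on source address, so an admin coming in from a changing address is back under the limit; on a SuSEfirewall2 host the custom-rules hook script (the one named by FW_CUSTOMRULES in /etc/sysconfig/SuSEfirewall2) is the usual place to load rules like these so that they survive a firewall restart, though that is an assumption about the setup rather than something the thread shows.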
