Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.misc > #36454

Re: Guaranteeing SSH access to specific clients

From "Carlos E.R." <robin_listas@es.invalid>
Newsgroups comp.os.linux.misc
Subject Re: Guaranteeing SSH access to specific clients
Date 2022-12-11 20:55 +0100
Message-ID <87ph6jxf5a.ln2@Telcontar.valinor> (permalink)
References (5 earlier) <tn1kup$1kimo$1@dont-email.me> <87bkoa7pne.fsf@usenet.ankman.de> <VxmcnQLlQp6Itwj-nZ2dnZfqn_ednZ2d@giganews.com> <mvkg6jx75r.ln2@Telcontar.valinor> <cf6cnav9tJ-ITwj-nZ2dnZfqnPWdnZ2d@giganews.com>

Show all headers | View raw

On 2022-12-11 13:50, Robert Heller wrote:
> At Sun, 11 Dec 2022 10:37:26 +0100 "Carlos E.R." <robin_listas@es.invalid> wrote:
> 
>>
>> On 2022-12-11 01:53, Robert Heller wrote:
>>> At Sat, 10 Dec 2022 19:25:09 -0500 Andreas Kohlbach <ank@spamfence.net> wrote:
>>>> On Sat, 10 Dec 2022 09:53:29 +0000, The Natural Philosopher wrote:
>>>>>
>>>>> On 09/12/2022 19:35, Robert Heller wrote:
>>>>>> At Fri, 9 Dec 2022 17:36:33 +0000 The Natural Philosopher <tnp@invalid.invalid> wrote:
>>>>>
>>>>>>> This is the best way except it does allow for a lot of random traffic
>>>>>>> hitting port 22 and trying to find a way in.
>>>>>>> Using obscure ports helps with this
>>>>>> Not really, but disabling passsword login greatly cuts down the
>>>>>> brute force
>>>>>> attempts.
>>>>>>
>>>>> Does it?  Cant say I noticed.
>>>>
>>>> Not here. Scammers will don't know that password login was disabled and
>>>> go on trying.
>>>
>>> But instead of sshd "wasting time" hashing passwords, it just rejects the
>>> attempt early on.  (A fail2ban rule could be used to firewall repeated failed
>>> attempts.)
>>
>> Firewall (iptables?) can do that directly, no need to involve a script.
> 
> fail2ban programmably matches the logs to generate firewall rule (eg iptables,
> or whatever) for offending IP addresses.

Yes, I know. But there are iptables rules can do something similar 
without reading or writing files, inside the kernel.

I can not say how to do that directly with iptables, but the old 
SuSEfirewall2 thing did it:

# Example:
#    Allow max three ssh connects per minute from the same IP address:
#      "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

FW_SERVICES_ACCEPT_EXT= that


-- 
Cheers, Carlos.

Back to comp.os.linux.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-08 19:47 +0000
  Re: Guaranteeing SSH access to specific clients "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-08 16:31 -0500
    Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 01:20 +0000
      Re: Guaranteeing SSH access to specific clients "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-08 21:43 -0500
      Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 03:34 +0000
      Re: Guaranteeing SSH access to specific clients stepore <stepore@be.here.now> - 2022-12-08 19:34 -0800
      Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-09 04:42 +0100
        Re: Guaranteeing SSH access to specific clients "26C.Z969" <26C.Z969@noaada.net> - 2022-12-09 01:53 -0500
      Re: Guaranteeing SSH access to specific clients Henning Hucke <h_hucke+spam.news@newsmail.aeon.icebear.org> - 2022-12-09 06:43 +0000
      Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 13:29 +0000
      Re: Guaranteeing SSH access to specific clients Allodoxaphobia <trepidation@example.net> - 2022-12-09 13:55 +0000
        Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-09 14:08 +0000
    Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 03:34 +0000
      Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-09 12:44 -0500
        Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 17:52 +0000
  Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-08 22:31 -0500
  Re: Guaranteeing SSH access to specific clients Richard Kettlewell <invalid@invalid.invalid> - 2022-12-09 12:36 +0000
  Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 13:27 +0000
  Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 14:48 +0000
    Re: Guaranteeing SSH access to specific clients Tauno Voipio <tauno.voipio@notused.fi.invalid> - 2022-12-09 17:42 +0200
      Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 17:36 +0000
        Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 19:35 +0000
          Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-10 09:53 +0000
            Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-10 13:58 +0000
            Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-10 14:08 +0000
              Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-10 14:15 +0000
            Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-10 19:25 -0500
              Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-11 00:53 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-11 10:37 +0100
                Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-11 12:50 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-11 20:55 +0100
                Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-12 09:35 +0000
                Re: Guaranteeing SSH access to specific clients Richard Kettlewell <invalid@invalid.invalid> - 2022-12-13 08:36 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E. R." <robin_listas@es.invalid> - 2022-12-15 18:09 +0100
      Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 22:03 +0000
        Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-10 09:56 +0000
          Re: Guaranteeing SSH access to specific clients Ted Heise <theise@panix.com> - 2022-12-16 18:40 +0000

csiph-web