There is another, dirty hack, possibility.... change the port that ssh is
listening on (done in /etc/ssh/sshd_config). Change it to a normally not
used port (> 1024). Normal scanners only scan known ports and often only
ports lower than 1024. Use something like 20202 for ssh. You'll just have to
remember the port number when connecting.

use: ssh -p 20202 -l youruser your.server.com

--
Regards, Lasse B. Jensen

On Mon, 9 Aug 2004, Andrew Gaffney wrote:

> Lasse B. Jensen wrote:
>> You cannot just add the sleep function. It will only give 1 minute sleep
>> when you initialize your firewall.
>>
>> The best thing you can do is to only allow certain IPs to connect to your
>> server, e.g.:
>>
>> iptables -A INPUT -p tcp --dport 22 -s 192.168.0.2 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 22 -j DROP
>>
>> Which will drop all connections to port 22 (ssh) except connections from
>> 192.168.0.2 (more can easily be added)
>
> The problem with this is that I need to be able to connect from wherever I
> happen to be when I need to connect. I have to have port 22 open to the
> world. What I really want to prevent is the 4-10 login attempts that these
> script kiddies make after they find a host with SSH running. I want any login
> failure via SSH to result in a 1 minute block of the originating IP address.
>
> --
> Andrew Gaffney
> Network Administrator
> Skyline Aeronautics, LLC.
> 636-357-1548
>
>
> --
> gentoo-security@g.o mailing list
>
>

--
gentoo-security@g.o mailing list
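Editor's added example (not code from the thread or from either poster): the behaviour Andrew asks for, a one-minute iptables DROP of any source that produces a failed SSH password, combined with Lasse's idea of a trusted-source list so that a typo from your own machine never locks you out. It assumes syslog-style sshd lines of the form "Failed password for [invalid user] NAME from IP port N ssh2", a ruleset in which the per-source DROP is inserted ahead of the rule that accepts port 22 from the world (hence `-I INPUT`), and the constructed sample log below; the year is assumed because syslog lines carry none. Commands are returned as strings rather than executed, so the logic can be checked before it is wired to a root shell.

```python
"""Ban a source IP for a fixed interval after any failed sshd password.

Added example: reads syslog-style sshd lines and emits the iptables commands
that would block and later unblock the offending source. Nothing here runs
iptables itself; pipe the printed commands into a root shell if wanted.
"""
import re
from datetime import datetime

# Syslog prefix ("Aug  9 13:05:01 host sshd[2001]: ") followed by the sshd message.
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (.*)$")
# The classic failed-password message; "invalid user" appears for unknown accounts.
FAILED_RE = re.compile(
    r"^Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

SSH_PORT = 22
BAN_SECONDS = 60
LOG_YEAR = 2004          # assumption: syslog lines carry no year
EPOCH = datetime(LOG_YEAR, 1, 1)


def parse_line(line):
    """Return (seconds_since_EPOCH, source_ip) for a failed-password line, else None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    stamp = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    f = FAILED_RE.match(m.group(2))
    if not f:
        return None
    return (stamp - EPOCH).total_seconds(), f.group(1)


class FailureBlocker:
    """Track per-source bans and produce the iptables commands that enforce them."""

    def __init__(self, trusted=(), ban_seconds=BAN_SECONDS, port=SSH_PORT):
        self.trusted = set(trusted)      # sources that are never banned
        self.ban_seconds = ban_seconds
        self.port = port
        self.expiry = {}                 # ip -> time at which the ban is lifted
        self.commands = []               # iptables commands, in execution order

    def _rule(self, action, ip):
        # -I puts the DROP ahead of the rule that accepts port 22 from anywhere;
        # -D with the identical match removes exactly that rule again.
        return f"iptables {action} INPUT -p tcp --dport {self.port} -s {ip} -j DROP"

    def expire(self, now):
        """Lift every ban whose interval has passed as of `now`."""
        for ip in [ip for ip, t in self.expiry.items() if t <= now]:
            del self.expiry[ip]
            self.commands.append(self._rule("-D", ip))

    def feed(self, line):
        """Process one log line: lift stale bans, then ban the source if it failed."""
        parsed = parse_line(line)
        if parsed is None:
            return
        now, ip = parsed
        self.expire(now)
        if ip in self.trusted or ip in self.expiry:
            return                       # trusted, or already dropped
        self.expiry[ip] = now + self.ban_seconds
        self.commands.append(self._rule("-I", ip))

    def banned(self, now):
        """Sorted list of sources still banned at time `now`."""
        self.expire(now)
        return sorted(self.expiry)


# Constructed sample log: two failures from one scanner, a good login and one
# failure from the trusted host, then a later failure from a second scanner.
SAMPLE_LOG = """\
Aug  9 13:05:01 mail sshd[2001]: Failed password for root from 10.1.2.3 port 4321 ssh2
Aug  9 13:05:03 mail sshd[2001]: Failed password for root from 10.1.2.3 port 4321 ssh2
Aug  9 13:05:10 mail sshd[2005]: Accepted publickey for andrew from 192.168.0.2 port 40001 ssh2
Aug  9 13:05:20 mail sshd[2007]: Failed password for invalid user admin from 192.168.0.2 port 40010 ssh2
Aug  9 13:06:30 mail sshd[2009]: Failed password for invalid user test from 10.9.9.9 port 5555 ssh2
""".splitlines()


def run_sample():
    """Feed the sample log through a blocker that trusts 192.168.0.2 (from the thread)."""
    blocker = FailureBlocker(trusted={"192.168.0.2"})
    for line in SAMPLE_LOG:
        blocker.feed(line)
    return blocker


if __name__ == "__main__":
    for cmd in run_sample().commands:
        print(cmd)
```

On a live box this is the thing that would sit behind `tail -F /var/log/auth.log`; note that the unban is only issued when a later log line arrives, so a real daemon needs a timer to call `expire()` as well. Moving sshd to 20202, as suggested above, cuts the noise from scanners that only sweep low ports, but a full-range scan still finds it, so it is worth combining with this kind of block rather than relying on it alone.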