[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH
From: lists@xxxxxxxxxxxxxxx
Date: Thu, 24 Sep 2020 01:11:52 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 23 Sep 2020 19:12:10 -0400
In-reply-to: <553e11c1-a290-8414-95f9-4150aa85d7b8@queair.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAE5iq3i1KiyV+Cg63ixbHY7XD4BfmYKhL3B0APSWCanqSAPxqQ@mail.gmail.com> <fa6d0fea-03f7-9e19-01fc-736c18493a9d@yl.ms> <553e11c1-a290-8414-95f9-4150aa85d7b8@queair.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.3.3

On 22.09.2020 20:34, George wrote:

The great secret SSHD security hack that I feel uncomfortablementioningon a public list is... do SSH over IPv6 if you can. Seems like thebots
haven't caught up to that yet.

;-)

Yeah, only 1 or 2 attempts/YEAR over IPv6 and thats a research projectfrom a german uni.



I block SSH DDoS attack with iptables recent module:

## Drop incoming connections which make more than 4 connection attemptsupon port 22 within ten minutes

## To list these damned IP's: 'nano /proc/net/xt_recent/ssh' or
## 'cat /proc/net/xt_recent/ssh > recent-ssh.txt'

-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh--set-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh--update --seconds 600 --hitcount 4 -j DROP



Fail2ban Block Penetrants permanent:

[recidive]
enabled = true
# logpath = /var/log/fail2ban.log
# banaction = %(banaction_allports)s
bantime = -1            ; permanent
findtime = 86400      ; 1 day
maxretry = 6


I leave SSH on port 22, but pub-key auth  is important
and only one user or group is authorized to login. See
AllowUsers user
AllowGroups sshusers

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] SSH
  - From: Андрей Гвоздев
- Re: [tor-relays] SSH
  - From: ylms
- Re: [tor-relays] SSH
  - From: George

Prev by Author: [tor-relays] Fwd: Re: "Your server (xxxx:443) has not managed to confirm that its ORPort is reachable."
Next by Author: Re: [tor-relays] "Your server (xxxx:443) has not managed to confirm that its ORPort is reachable."
Previous by thread: Re: [tor-relays] SSH
Next by thread: [tor-relays] Expiration time from torbulkexitlist
Index(es):
- Author
- Thread