Re: [tor-relays] SSH
On 22.09.2020 20:34, George wrote:
The great secret SSHD security hack that I feel uncomfortable mentioning
on a public list is... do SSH over IPv6 if you can. Seems like the bots
haven't caught up to that yet.
;-)
Yeah, only 1 or 2 attempts/YEAR over IPv6, and that's a research project
from a German uni.
I block SSH DDoS attacks with the iptables recent module:
## Drop incoming connections which make more than 4 connection attempts
## upon port 22 within ten minutes
## To list these damned IPs: 'nano /proc/net/xt_recent/ssh' or
## 'cat /proc/net/xt_recent/ssh > recent-ssh.txt'
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --set
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --name ssh --update --seconds 600 --hitcount 4 -j DROP
Fail2ban: block penetrants permanently:
[recidive]
enabled = true
# logpath = /var/log/fail2ban.log
# banaction = %(banaction_allports)s
bantime = -1 ; permanent
findtime = 86400 ; 1 day
maxretry = 6
I leave SSH on port 22, but pub-key auth is important
and only one user or group is authorized to log in. See
AllowUsers user
AllowGroups sshusers
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
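
An added example, not part of the original message: a shell check of the effective sshd settings against the policy described above (pub-key auth plus an AllowUsers/AllowGroups restriction). `audit_sshd` and both sample inputs are constructed for illustration, and treating password logins as disabled is an assumption the post does not state.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output (lowercase keyword, then value) on stdin.
# audit_sshd is a hypothetical helper name, not part of OpenSSH.
audit_sshd() {
    awk '
        { key = tolower($1); val = $0; sub(/^[^ \t]+[ \t]*/, "", val) }
        key == "pubkeyauthentication"   { pubkey = tolower(val) }
        key == "passwordauthentication" { passwd = tolower(val) }
        # The keyword can repeat, one pattern per line; collect every value.
        key == "allowusers"  { users  = users  (users  != "" ? " " : "") val }
        key == "allowgroups" { groups = groups (groups != "" ? " " : "") val }
        END {
            bad = 0
            if (pubkey != "yes") { print "FAIL pubkeyauthentication is not yes"; bad = 1 }
            # Assumption: relying on pub-key auth means password logins are off.
            if (passwd != "no") { print "FAIL passwordauthentication is not no"; bad = 1 }
            if (users == "" && groups == "") {
                print "FAIL no AllowUsers or AllowGroups restriction"; bad = 1
            }
            if (users  != "") print "INFO allowusers: " users
            if (groups != "") print "INFO allowgroups: " groups
            # sshd checks AllowUsers and then AllowGroups; a login must pass both.
            if (users != "" && groups != "")
                print "NOTE both lists set: user must match AllowUsers AND AllowGroups"
            if (!bad) print "OK"
            exit bad
        }'
}

# Constructed sample: settings matching the post (not captured from a real host).
sample_hardened() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'allowusers user' 'allowgroups sshusers'
}

# Constructed sample: password logins on and no allow-list.
sample_weak() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' 'passwordauthentication yes'
}

sample_hardened | audit_sshd
sample_weak | audit_sshd || true
```

On a live host, run `sshd -T | audit_sshd` as root so the check sees the configuration sshd will actually apply.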