NOUSER

[Gregory Machin]

> If you must leave ssh open to the outside world, use a simple iptables
> ruleset to limit attempts:
>
> # This rejects ssh attempts more than twice in 180 seconds...
> # First, mark attempts as part of the "sshattack" group...
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --set
> # Optional: Include this line if you want to log these attacks...
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck
> --seconds 180 --hitcount 2 -j LOG --log-prefix "SSH REJECT: "
> # Finally, reject the connection if more than one attempt is made in 180
> seconds...
> -A INPUT -p tcp --syn --dport 22 -m recent --name sshattack --rcheck
> --seconds 180 --hitcount 2 -j REJECT --reject-with tcp-reset
>
> If more than one ssh attempt is made in 180 seconds (three minutes)
> from a given IP address, this blocks that IP address for that duration.
> You get one try.  If you fail, you must wait 3 minutes before you can
> try again.
>
> Note that even a successful login is counted.  If you log in and
> immediately log out, you still have to wait 3 minutes to get in again.
>
> Change the "--hitcount 2" bits to "--hitcount 3" if you want to give
> yourself two tries to get in.  You can also change the "--seconds 180"
> to "--seconds 300" to make the delay 5 minutes.  The values I give above
> are enough to discourage most script kiddie attempts to get into your
> box.

Hi
Sorry to hijack this tread. The above should it be before, or after
you allow the ssh port ?

Thanks
G