3,254
edits
Changes
From SME Server
Jump to navigationJump to searchSSH Filtering with IPTables (view source)
Revision as of 04:14, 7 February 2019
, 04:14, 7 February 2019→AutoBlock
==Introduction==
==Introduction==
After a recent rise in the amount of SSH attacks I decided to have a look at other methods of blocking SSH attacks.
After a recent rise in the amount of SSH attacks I decided to have a look at other methods of blocking SSH attacks.
=== AutoBlock ===
[[AutoBlock]] is enabled by default on SME9 and later. By design only IP outside your local network will be blocked if too many attempts are done.
Default values
AutoBlockTime=900 # 900 seconds (15 minutes).
AutoBlockTries=4 # meaning that 3 Tries are allowed, the fourth try is blocked.
AutoBlock=disabled # default for SME Server 8
AutoBlock=enabled # default for SME Server 9
However there is no whitelist, you can easily lock you out.
===DenyHosts===
===DenyHosts===
However, it was sending me a lot of mails. Yes, I could disable them.
However, it was sending me a lot of mails. Yes, I could disable them.
However, it has to check the logs and find failed logins and then create a list for ssh to check against. SO it will allow at least one connection.
However, it has to check the logs and find failed logins and then create a list for ssh to check against. So it will allow at least one failed connection. It is, quite lightweight as it will update a simple plain text file called by /etc/hosts.deny on every ssh connection.
I wanted something a bit quicker that would bulk block a lot of IPs immediately.
I wanted something a bit quicker that would bulk block a lot of IPs immediately.
It may be worth looking at adding a specific AllowHosts section in the chain, or somewhere in masq to Allow Specific hosts, but block the rest of a country.
It may be worth looking at adding a specific AllowHosts section in the chain, or somewhere in masq to Allow Specific hosts, but block the rest of a country.
[[Category:SSH]]
[[Category:SSH]]
