Changes

From SME Server
252 bytes added ,  21:56, 19 August 2017
Line 1: Line 1: −
===Public SSH Acess===
+
==Public SSH Access==
Configuring SSH access as public will result in lots of script based login attempts which consume bandwidth, CPU and generate log noise. A new iptables rule which blocks repeated connection attempts to the configured sshd port. See [[bugzilla 8257]] and [[bugzilla:8258]]
+
Configuring SSH access as public will result in lots of script based login attempts which consume bandwidth, CPU and generate log noise. A new iptables rule which blocks repeated connection attempts to the configured sshd port. See [[bugzilla: 8257]] and [[bugzilla:8258]]
    
It is set to reject connections when there have been 3 or more requests in the previous 15 minutes. The autoblock lapses when there have been fewer than this many requests in the specified times (set by AutoBlockTime).
 
It is set to reject connections when there have been 3 or more requests in the previous 15 minutes. The autoblock lapses when there have been fewer than this many requests in the specified times (set by AutoBlockTime).
   −
By design only IP outside your local network will blocked if too many attempts are done.
+
'''By design only IP outside your local network will be blocked if too many attempts are done.'''
 +
 
 +
{{Note box|[[Affa|Affa]] is incompatible with AutoBlock.
 +
Learn is incompatible with AutoBlock.
 +
 
 +
Use [https://wiki.contribs.org/Fail2ban Fail2ban.]}}
 +
 
 
===Default values===
 
===Default values===
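Review bot: the bugzilla link fix is inconsistent: `[[bugzilla: 8257]]` gains a space after the colon while `[[bugzilla:8258]]` on the same line has none; use `[[bugzilla:8257]]` so both links resolve the same way. The new note box states that Affa and Learn are incompatible with AutoBlock without giving a reason or a bug reference; one line saying why, or a bugzilla link, would let readers judge whether it applies to their setup. The external link `[https://wiki.contribs.org/Fail2ban Fail2ban.]` puts the full stop inside the link text and points off-wiki at a page that exists locally; the internal form `[[Fail2ban]]`, as used in the Similar contribs list below, is the cleaner choice. The sentence "A new iptables rule which blocks repeated connection attempts to the configured sshd port." is carried over unchanged and is still a fragment; "A new iptables rule blocks repeated connection attempts to the configured sshd port." would read as a full sentence.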
   Line 14: Line 20:  
===Set Values===
 
===Set Values===
   −
The ipt_recent (SME8) or xt_recent/SSH (SME9) module records the current block status for the last 100 IP addresses seen in /proc/net/ipt_recent/SSH (SME8) or /proc/net/xt_recent/SSH (SME9), i.e. Output from "iptables -L SSH_Autoblock -v" from a system up for 56 days:
+
The ipt_recent (SME8) or xt_recent/SSH (SME9) module records the current block status for the last 100 IP addresses seen in '''/proc/net/ipt_recent/SSH''' (SME8) or '''/proc/net/xt_recent/SSH''' (SME9), i.e. Output from "'''iptables -L SSH_Autoblock -v'''" from a system up for 56 days:
    
  Chain SSH_Autoblock (1 references)
 
  Chain SSH_Autoblock (1 references)
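Review bot: "i.e." in the reworded sentence should be "e.g.": the `iptables -L SSH_Autoblock -v` output that follows is one sample from one system, not a restatement of the previous clause. "xt_recent/SSH (SME9)" also conflates the kernel module (xt_recent) with the list name (SSH); since the /proc path already shows the SSH list, "xt_recent (SME9)" alongside "ipt_recent (SME8)" is enough. The command is now both bold and wrapped in double quotes; one or the other is sufficient.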
Line 47: Line 53:     
Note: if ssh is moved to another port (say 2211) then SSH_Autoblock installs itself on the port number configured for sshd.
 
Note: if ssh is moved to another port (say 2211) then SSH_Autoblock installs itself on the port number configured for sshd.
      
===How to access the AutoBlock history?===
 
===How to access the AutoBlock history?===
Line 62: Line 67:     
How to display the current block status for the last 100 IP addresses seen:  
 
How to display the current block status for the last 100 IP addresses seen:  
  iptables -L SSH_Autoblock -v"
+
  iptables -L SSH_Autoblock -v
    
====How clear logs====
 
====How clear logs====
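Review bot: dropping the stray closing quote after `iptables -L SSH_Autoblock -v` is correct; the line was not copy-pasteable before. The heading `====How clear logs====` in the trailing context is missing "to" ("How to clear logs"), and if the section clears the ipt_recent/xt_recent block list rather than log files, "How to clear the block list" would describe it more accurately.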
Line 75: Line 80:     
See the information in the iptables(8) man page for other block list management options.
 
See the information in the iptables(8) man page for other block list management options.
 +
 +
==Similar contribs==
 +
* [[Fail2ban]]
 +
* [[Denyhosts]].
       
[[Category:Howto]]
 
[[Category:Howto]]
 +
[[Category:Security]]
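Review bot: the trailing full stop in `* [[Denyhosts]].` is inconsistent with `* [[Fail2ban]]` directly above it and renders as part of the list item; drop it. With this list in place the page links Fail2ban twice, externally in the note box and internally here; both should use the internal `[[Fail2ban]]`. Adding [[Category:Security]] fits the content.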