Line 1: |
Line 1: |
− | ===Public SSH Acess===
| + | ==Public SSH Access== |
− | Configuring SSH access as public will result in lots of script based login attempts which consume bandwidth, CPU and generate log noise. A new iptables rule which blocks repeated connection attempts to the configured sshd port. See [[bugzilla 8257]] and [[bugzilla:8258]] | + | Configuring SSH access as public will result in lots of script based login attempts which consume bandwidth, CPU and generate log noise. A new iptables rule which blocks repeated connection attempts to the configured sshd port. See [[bugzilla: 8257]] and [[bugzilla:8258]] |
| | | |
| It is set to reject connections when there have been 3 or more requests in the previous 15 minutes. The autoblock lapses when there have been fewer than this many requests in the specified times (set by AutoBlockTime). | | It is set to reject connections when there have been 3 or more requests in the previous 15 minutes. The autoblock lapses when there have been fewer than this many requests in the specified times (set by AutoBlockTime). |
| | | |
− | By design only IP outside your local network will blocked if too many attempts are done. | + | '''By design only IP outside your local network will be blocked if too many attempts are done.''' |
| + | |
| + | {{Note box|[[Affa|Affa]] is incompatible with AutoBlock. |
| + | Learn is incompatible with AutoBlock. |
| + | |
| + | Use [https://wiki.contribs.org/Fail2ban Fail2ban.]}} |
| + | |
| ===Default values=== | | ===Default values=== |
| | | |
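Review bot: the interwiki link is now written `[[bugzilla: 8257]]` with a space after the colon while `[[bugzilla:8258]]` on the same line has none; use `[[bugzilla:8257]]` for both. In the added note box, `[[Affa|Affa]]` is a redundant pipe (`[[Affa]]` is enough), "Learn is incompatible with AutoBlock." should name and link the contrib it refers to, and the full stop belongs outside the external link text: `[https://wiki.contribs.org/Fail2ban Fail2ban].` The note would also help readers more if it stated what the incompatibility with AutoBlock actually is. The fragment "A new iptables rule which blocks repeated connection attempts to the configured sshd port." survives unchanged and still lacks a verb ("A new iptables rule blocks ...").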
Line 14: |
Line 20: |
| ===Set Values=== | | ===Set Values=== |
| | | |
− | The ipt_recent (SME8) or xt_recent/SSH (SME9) module records the current block status for the last 100 IP addresses seen in /proc/net/ipt_recent/SSH (SME8) or /proc/net/xt_recent/SSH (SME9), i.e. Output from "iptables -L SSH_Autoblock -v" from a system up for 56 days: | + | The ipt_recent (SME8) or xt_recent/SSH (SME9) module records the current block status for the last 100 IP addresses seen in '''/proc/net/ipt_recent/SSH''' (SME8) or '''/proc/net/xt_recent/SSH''' (SME9), i.e. Output from "'''iptables -L SSH_Autoblock -v'''" from a system up for 56 days: |
| | | |
| Chain SSH_Autoblock (1 references) | | Chain SSH_Autoblock (1 references) |
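Review bot: "i.e. Output from ..." should read "e.g. output from ...", since the listing that follows is an example taken from one system rather than a restatement of the preceding sentence. The bolding of the two `/proc/net/...` paths and of the `iptables -L SSH_Autoblock -v` command is a reasonable readability change, but the quotation marks around the bolded command can be dropped now that the bold already sets it apart.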
Line 47: |
Line 53: |
| | | |
| Note: if ssh is moved to another port (say 2211) then SSH_Autoblock installs itself on the port number configured for sshd. | | Note: if ssh is moved to another port (say 2211) then SSH_Autoblock installs itself on the port number configured for sshd. |
− |
| |
| | | |
| ===How to access the AutoBlock history?=== | | ===How to access the AutoBlock history?=== |
Line 62: |
Line 67: |
| | | |
| How to display the current block status for the last 100 IP addresses seen: | | How to display the current block status for the last 100 IP addresses seen: |
− | iptables -L SSH_Autoblock -v" | + | iptables -L SSH_Autoblock -v |
| | | |
| ====How clear logs==== | | ====How clear logs==== |
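Review bot: removing the stray trailing `"` from `iptables -L SSH_Autoblock -v` is the right fix; the command now matches the one quoted in the Set Values section. The heading below it, `====How clear logs====`, is missing a word and should be `====How to clear logs====`.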
Line 75: |
Line 80: |
| | | |
| See the information in the iptables(8) man page for other block list management options. | | See the information in the iptables(8) man page for other block list management options. |
| + | |
| + | ==Similar contribs== |
| + | * [[Fail2ban]] |
| + | * [[Denyhosts]]. |
| | | |
| | | |
| [[Category:Howto]] | | [[Category:Howto]] |
| + | [[Category:Security]] |
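Review bot: the new "Similar contribs" list is inconsistent: `* [[Denyhosts]].` ends with a full stop while `* [[Fail2ban]]` does not, so drop the period. Fail2ban is also linked here as an internal page (`[[Fail2ban]]`) but as an external URL (`https://wiki.contribs.org/Fail2ban`) in the note box added at the top; use the internal link in both places so the two stay in sync if the page moves. Adding `[[Category:Security]]` is appropriate for a page about blocking repeated sshd login attempts.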