3,054
edits
Changes
From SME Server
Jump to navigationJump to search→Public SSH Access
==Public SSH Access==
Configuring SSH access as public will result in lots of script based login attempts which consume bandwidth, CPU and generate log noise. A new iptables rule which blocks repeated connection attempts to the configured sshd port. See [[bugzilla: 8257]] and [[bugzilla:8258]]
Configuring SSH access as public will result in lots of script based login attempts which consume bandwidth, CPU and generate log noise. A new iptables rule which blocks repeated connection attempts to the configured sshd port. See [[bugzilla: 8257]] and [[bugzilla:8258]]
It is set to reject connections when there have been 3 or more requests in the previous 15 minutes. The autoblock lapses when there have been fewer than this many requests in the specified times (set by AutoBlockTime).
It is set to reject connections when there have been 3 or more requests in the previous 15 minutes. The autoblock lapses when there have been fewer than this many requests in the specified times (set by AutoBlockTime).
'''By design only IP outside your local network will blocked if too many attempts are done.'''
'''By design only IP outside your local network will be blocked if too many attempts are done.'''
{{Note box|[[Affa|Affa]] is incompatible with AutoBlock.
Learn is incompatible with AutoBlock.
Use [https://wiki.contribs.org/Fail2ban Fail2ban.]}}
===Default values===
===Default values===
See the information in the iptables(8) man page for other block list management options.
See the information in the iptables(8) man page for other block list management options.
==Similar contribs==
* [[Fail2ban]]
* [[Denyhosts]].
[[Category:Howto]]
[[Category:Howto]]
[[Category:Security]]
