Tuesday, 25 November 2008

SSH connection limit per IP in Linux

Here's how to limit the number of SSH connection attempts a single IP address can make to your server. This guards against brute force attacks.

The following two rules limit new incoming connections to port 22 from any one source address to no more than 3 attempts in a minute; any further attempts within that minute are dropped:

# -p tcp must come before --dport (the --dport option belongs to the tcp match).
# Explicit positions keep the --set rule above the DROP rule: a plain -I inserts
# each rule at the head of the chain, which would reverse them and let a fourth
# attempt through before the block kicks in.
iptables -I INPUT 1 -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set

iptables -I INPUT 2 -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

Enter the above commands one after another at a root shell prompt. Replace eth0 with the name of your network interface (it's usually eth0).
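To make the counting behind --seconds 60 --hitcount 4 concrete, here is a small Python model of the recent match. It is added to this post and is not part of the original, nor is it the kernel's code: it records a timestamp per new connection the way --set does, applies the --update window-and-hitcount check, and runs a constructed burst of attempts through the two rules in both possible chain orders. It assumes the kernel default of 20 stored timestamps per address (ip_pkt_list_tot) and treats any connection that neither rule drops as reaching sshd.

```python
"""Model of how the iptables 'recent' match counts new SSH connection attempts.

Mirrors the documented semantics of `-m recent --set` and
`-m recent --update --seconds N --hitcount M`:
  * --set always records a timestamp for the source address;
  * --update matches when at least M timestamps fall inside the last N seconds,
    and only then records a new timestamp;
  * each address keeps its most recent 20 timestamps (kernel default
    ip_pkt_list_tot, assumed here).
This is an illustration written for this post, not the kernel implementation.
"""

SECONDS = 60      # --seconds
HITCOUNT = 4      # --hitcount
MAX_STAMPS = 20   # ip_pkt_list_tot default (assumed)


class RecentTable:
    """Per-source-address timestamp lists, like one list in /proc/net/xt_recent."""

    def __init__(self):
        self.stamps = {}

    def _record(self, addr, now):
        lst = self.stamps.setdefault(addr, [])
        lst.append(now)
        del lst[:-MAX_STAMPS]          # oldest stamps are overwritten once the list is full

    def set(self, addr, now):
        """`--set`: always records the packet and always matches."""
        self._record(addr, now)
        return True

    def update(self, addr, now, seconds=SECONDS, hitcount=HITCOUNT):
        """`--update --seconds --hitcount`: match if `hitcount` stamps lie in the window;
        on a match, record this packet too (so dropped attempts keep the lockout alive)."""
        lst = self.stamps.get(addr)
        if lst is None:
            return False
        hits = sum(1 for s in lst if now - s <= seconds)
        if hits >= hitcount:
            self._record(addr, now)
            return True
        return False


def simulate(order, attempts, seconds=SECONDS, hitcount=HITCOUNT):
    """Run new-connection attempts through the two rules; return one verdict per attempt.

    order == "set-first":  --set rule above the --update/DROP rule (what -A, or -I with
                           explicit positions, produces).
    order == "drop-first": DROP rule above the --set rule (what two plain `-I INPUT`
                           commands produce, because each inserts at the head of the chain).
    attempts: list of (time_in_seconds, source_address).
    Connections that match neither rule are assumed to reach sshd and are marked ACCEPT.
    """
    table = RecentTable()
    verdicts = []
    for now, addr in attempts:
        if order == "set-first":
            table.set(addr, now)
            dropped = table.update(addr, now, seconds, hitcount)
        elif order == "drop-first":
            dropped = table.update(addr, now, seconds, hitcount)
            if not dropped:                 # DROP is terminal; --set is only reached otherwise
                table.set(addr, now)
        else:
            raise ValueError("order must be 'set-first' or 'drop-first'")
        verdicts.append("DROP" if dropped else "ACCEPT")
    return verdicts


if __name__ == "__main__":
    client = "198.51.100.7"                                  # constructed sample address
    burst = [(t, client) for t in range(5)]                  # constructed: 5 attempts in 5 s
    print("set-first :", simulate("set-first", burst))       # 3 accepted, 4th and 5th dropped
    print("drop-first:", simulate("drop-first", burst))      # 4 accepted, only the 5th dropped
    # constructed: a locked-out client retries every 20 s, then goes quiet for a minute
    retry = [(t, client) for t in (0, 1, 2, 3, 23, 43, 63, 83, 103, 170)]
    print("persistent:", simulate("set-first", retry))
```

Two things the model makes visible. First, order matters: with the --set rule evaluated first, the fourth attempt inside the window is dropped, exactly the "3 attempts in a minute" the rules are meant to enforce; with the DROP rule first, a fourth attempt slips through. Second, because --update records a timestamp whenever it matches, every dropped attempt extends the lockout, so a client that keeps retrying every 20 seconds stays blocked and is only admitted again once it has been quiet long enough for the stamps inside the 60-second window to fall below the hitcount.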

Here's a barebones test script you can use to prove the iptables rules are working:

#!/bin/bash
# Usage: ./sshtest.sh <server-address>
# Aim it at the server's eth0 address, not localhost: the rules match -i eth0,
# so connections over the loopback interface never reach them.
HOST="${1:?usage: $0 server-address}"
for i in $(seq 1 5) ; do
    echo "attempt $i"
    # -w 2: give up after 2 seconds instead of hanging on a dropped SYN
    echo 'exit' | nc -w 2 "$HOST" 22
done

Of course, you should also take other, simpler security measures like using strong passwords and limiting access times.
