[Klug-general] Remote Admin over Internet

alan alan at comm-tech.org
Thu Jun 29 09:25:21 BST 2006


I use this little script to stop brute-forcers by only allowing 3 login
attempts within 60 seconds. You could also just DENY non-specified IP
addresses...

# Allow connections to SSH server from localhost
iptables -A INPUT -p tcp -m tcp -s 127.0.0.1 --dport ssh -j ACCEPT
# Allow connections to SSH server from local LAN (a bare 10.0.0.0 matches
# only that single host, so give the network with its prefix length;
# adjust /8 to the size of your LAN)
iptables -A INPUT -p tcp -m tcp -s 10.0.0.0/8 --dport ssh -j ACCEPT
# Allow connections to SSH server from my work IP address
iptables -A INPUT -p tcp -m tcp -s xx.xx.xxx.xxx --dport ssh -j ACCEPT
# Allow three connection attempts in 60 seconds for anyone else:
# the first rule records the source of every new connection (it has no
# -j, so the packet carries on down the chain); the second drops the
# packet once four packets from that source have been recorded within
# 60 seconds, so the fourth attempt is the first one dropped
iptables -A INPUT -p tcp -m tcp --dport ssh -m state --state NEW \
    -m recent --set --name SSH
iptables -A INPUT -p tcp -m tcp --dport ssh -m state --state NEW \
    -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

Still, I reckon if you subscribe to full-disclosure and keep your server
patched, you are not going to get compromised except by human error.

Alan
-------------------------------------

Laurence Southon wrote:
> Ritchie Fraser wrote:
>>
>> Is it just a case of poking a hole in my dad's router's firewall and 
>> also forwarding ssh traffic to his PC?
>>
>
> Do be careful with this. I've had a server compromised despite 
> disabling root logins and using strong passwords.
>
> You would do well to allow ssh logins with keys only.
>
> Regards,
>
> Laurence Southon
>
> _______________________________________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/kent
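The following is an added example, not code from either message above. It simulates, in Python, the decision the two `-m recent` rules in Alan's script make for each new SSH connection (`--set` records the source, `--update --seconds 60 --hitcount N` drops it once N packets from that source sit inside the window, refreshing the last-seen stamp on a match) together with the whitelist ACCEPT rules in front of them, and runs a constructed stream of connection attempts through it so the off-by-one between "three attempts allowed" and `--hitcount 4` is visible. The whitelist networks, the address 203.0.113.7 standing in for the masked work IP, and the attempt timeline are all assumptions; the per-source stamp list is a simplified model of the kernel's xt_recent entry.

```python
"""Simulate iptables' -m recent rate limit for new SSH connections.

Added example (not the mailing-list author's code). Models:
  -m recent --set                           record source + timestamp
  -m recent --update --seconds S --hitcount N -j DROP
                                            drop once N stamps fall in window
with whitelist ACCEPT rules evaluated first, as in the posted chain.
"""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed whitelist mirroring the three ACCEPT rules; 203.0.113.7 is a
# placeholder for the masked "work IP" in the post.
WHITELIST = [
    ip_network("127.0.0.1/32"),
    ip_network("10.0.0.0/8"),
    ip_network("203.0.113.7/32"),
]

LIST_LEN = 20  # xt_recent keeps this many timestamps per source by default


def is_whitelisted(src):
    addr = ip_address(src)
    return any(addr in net for net in WHITELIST)


class RecentList:
    """Per-source timestamp lists, a simplified model of an xt_recent table."""

    def __init__(self):
        self.stamps = defaultdict(deque)

    def _push(self, src, now):
        stamps = self.stamps[src]
        stamps.append(now)
        while len(stamps) > LIST_LEN:
            stamps.popleft()  # oldest stamp falls off, as in the kernel

    def set(self, src, now):
        """``--set``: record this packet for its source address."""
        self._push(src, now)

    def update(self, src, now, seconds, hitcount):
        """``--update --seconds S --hitcount N``.

        Matches when at least N recorded packets (including the one that
        --set just recorded) fall inside the last S seconds. On a match
        the last-seen stamp is refreshed, which is what distinguishes
        --update from --rcheck.
        """
        stamps = self.stamps.get(src)
        if not stamps:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits >= hitcount:
            self._push(src, now)
            return True
        return False


def simulate(attempts, seconds=60, hitcount=4):
    """Run NEW SSH connection attempts through the chain in arrival order.

    attempts: iterable of (time_in_seconds, source_ip).
    Returns a list of (time, source_ip, verdict) with verdict ACCEPT or DROP.
    """
    recent = RecentList()
    verdicts = []
    for now, src in attempts:
        if is_whitelisted(src):
            verdicts.append((now, src, "ACCEPT"))
            continue
        recent.set(src, now)  # --set rule has no target: packet continues
        if recent.update(src, now, seconds, hitcount):
            verdicts.append((now, src, "DROP"))
        else:
            verdicts.append((now, src, "ACCEPT"))
    return verdicts


# Constructed traffic: one brute-forcer on a public address, one LAN host.
ATTEMPTS = [
    (0, "198.51.100.9"),
    (5, "10.0.0.5"),
    (10, "198.51.100.9"),
    (15, "10.0.0.5"),
    (20, "198.51.100.9"),
    (25, "10.0.0.5"),
    (30, "198.51.100.9"),   # fourth attempt inside 60 s: first one dropped
    (35, "10.0.0.5"),
    (40, "198.51.100.9"),   # still inside the window: dropped
    (45, "10.0.0.5"),
    (200, "198.51.100.9"),  # window has expired: accepted again
]


def attacker_verdicts(hitcount=4):
    """Verdicts for the brute-forcer only, for a given --hitcount."""
    return [v for _, s, v in simulate(ATTEMPTS, hitcount=hitcount)
            if s == "198.51.100.9"]


if __name__ == "__main__":
    for now, src, verdict in simulate(ATTEMPTS):
        print(f"t={now:>4}s  {src:<14} {verdict}")
```

Running it with the default `hitcount=4` drops the fourth and fifth attempt from 198.51.100.9 and accepts the one at t=200 once the 60 s window has passed, while every attempt from the 10.0.0.0/8 host is accepted before the rate limit is consulted. Calling `attacker_verdicts(hitcount=5)` shows that the post's original `--hitcount 5` lets a fourth attempt through and only drops the fifth.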
