
My Preferred Way to Stop SSH Dictionary Attacks

I did a Google search and found a suggestion to use iptables to filter SSH traffic and to slow down repeat requests. The default is to let the first request through, and then wait 1 minute before accepting another request. It seems to work like a champ. I already do things like only allow public-key authentication, and I have turned off root access as any sysadmin should. Below are the iptables commands I added to my /etc/rc.local file to be run at startup:

iptables -A INPUT -p tcp -m state --syn --state NEW --dport ssh \
    -m limit --limit 1/minute --limit-burst 1 -j ACCEPT

iptables -A INPUT -p tcp -m state --syn --state NEW --dport ssh -j DROP
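
The `limit` match in the first rule keeps one counter for all sources, not one per client. The following is an added example, not code from the original post: a simplified integer token-bucket model of that rule, compared with a bucket keyed on the source address (the behaviour the `hashlimit` match provides with `--hashlimit-mode srcip`). The addresses and the traffic timeline are constructed.

```python
from collections import defaultdict

COST = 60    # seconds of credit one packet costs: --limit 1/minute
BURST = 1    # --limit-burst 1

class Bucket:
    """Integer token bucket: starts full, earns one second of credit per second."""
    def __init__(self):
        self.credit = BURST * COST
        self.last = 0

    def allow(self, now):
        self.credit = min(BURST * COST, self.credit + (now - self.last))
        self.last = now
        if self.credit >= COST:
            self.credit -= COST
            return True    # first rule matches: ACCEPT
        return False       # falls through to the second rule: DROP

def simulate(events, per_source):
    """Count accepted new SSH connections per source.

    events: time-ordered (seconds, source_ip) pairs, one per SYN to port 22.
    per_source=False models one shared bucket (the limit match);
    per_source=True keys the bucket on the source address.
    """
    buckets = defaultdict(Bucket)
    accepted = defaultdict(int)
    for now, src in events:
        key = src if per_source else "all"
        if buckets[key].allow(now):
            accepted[src] += 1
    return dict(accepted)

# Constructed traffic (documentation addresses, not real hosts).
SCANNER, ADMIN = "203.0.113.7", "198.51.100.20"
EVENTS = sorted([(t, SCANNER) for t in range(0, 600, 5)] +
                [(t, ADMIN) for t in (62, 182, 302)])

if __name__ == "__main__":
    for label, mode in (("shared bucket", False), ("per-source bucket", True)):
        got = simulate(EVENTS, per_source=mode)
        print(f"{label}: scanner={got.get(SCANNER, 0)} admin={got.get(ADMIN, 0)}")
```

With the shared bucket the repeated requests use up each minute's single slot, so the administrator's three attempts are all dropped; with a per-source bucket they are all accepted while the noisy source is still held to one new connection a minute.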

© Steve Spigarelli. Built using Pelican. Theme by Giulio Fidente on github.