
My Preferred Way to Stop SSH Dictionary Attacks

I did a Google search and found aerospacesoftware.com, which suggested using iptables to filter SSH traffic and to slow down repeat requests. The default is to let the first request through, and then wait 1 minute before accepting another request. It seems to work like a champ. I already do things like only allow public-key authentication and I have turned off root access as any sysadmin should. Below are the iptables commands I added to my /etc/rc.local file to be run at startup:

iptables -A INPUT -p tcp -m state --syn --state NEW --dport ssh \
-m limit --limit 1/minute --limit-burst 1 -j ACCEPT

iptables -A INPUT -p tcp -m state --syn --state NEW --dport ssh -j DROP
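
An added example, not part of the original post: a small Python model of the token bucket behind --limit 1/minute --limit-burst 1, run over a constructed timeline. It shows that the limit match keeps one allowance shared by every client, so background scanning can use it up before a legitimate login arrives, and compares that with a bucket keyed by source address (the behaviour the hashlimit match provides with --hashlimit-mode srcip). The addresses, timestamps, and function names are assumptions made for the illustration.

```python
# Added example: token-bucket model of "-m limit --limit 1/minute --limit-burst 1".
# All addresses and timestamps below are constructed sample data.
from collections import defaultdict

class TokenBucket:
    """Credit grows by one unit per second up to burst*interval; a match costs `interval`."""
    def __init__(self, interval, burst):
        self.interval = interval            # seconds per allowed packet (60 = 1/minute)
        self.cap = burst * interval         # --limit-burst expressed as credit
        self.credit, self.last = self.cap, 0

    def allow(self, now):
        self.credit = min(self.cap, self.credit + (now - self.last))
        self.last = now
        if self.credit >= self.interval:
            self.credit -= self.interval
            return True                     # first rule matches -> ACCEPT
        return False                        # falls through to the second rule -> DROP

def filter_syns(syns, per_source, interval=60, burst=1):
    """Return [(time, src, verdict)] for new SSH connection attempts.

    per_source=False: one bucket shared by all clients (the limit match).
    per_source=True:  one bucket per source address (hashlimit-style keying).
    """
    shared = TokenBucket(interval, burst)
    buckets = defaultdict(lambda: TokenBucket(interval, burst))
    out = []
    for t, src in syns:
        bucket = buckets[src] if per_source else shared
        out.append((t, src, "ACCEPT" if bucket.allow(t) else "DROP"))
    return out

# Constructed timeline: a scanner retries every 20 s; the admin connects at t=90 and t=200.
SCANNER, ADMIN = "203.0.113.7", "198.51.100.20"
SYNS = sorted([(t, SCANNER) for t in range(0, 240, 20)] + [(90, ADMIN), (200, ADMIN)])

def verdicts_for(src, per_source):
    """Verdicts, in time order, for one source address under the chosen keying."""
    return [v for _, s, v in filter_syns(SYNS, per_source) if s == src]

if __name__ == "__main__":
    for per_source in (False, True):
        label = "per-source" if per_source else "shared"
        print(label, "admin:", verdicts_for(ADMIN, per_source),
              "scanner accepted:", verdicts_for(SCANNER, per_source).count("ACCEPT"))
```

In both modes the scanner gets the same four accepted attempts over four minutes; only the per-source bucket lets the admin's logins through.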

© Steve Spigarelli.