sshd config problem.
Bill McGonigle
bill at bfccomputing.com
Mon Sep 3 15:22:31 EDT 2007
On Sep 3, 2007, at 00:33, Steven W. Orr wrote:
> I had previously
> modified my listening port from 22 to something with a couple of extra
> digits for the kiddies.
I might have mentioned this before, but I find iptables and knocking
more effective and less confusing (to me) than changing the port
number for ssh. e.g.:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m recent --rcheck --name SSH -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1233 -m recent --name SSH --remove -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -m recent --name SSH --set -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1235 -m recent --name SSH --remove -j DROP
To use, just connect to port 1234 from the originating IP before
trying to make the ssh connection. Sequential port scanners probably
won't find it, random port scanners have a fleeting chance of finding
it, and of course, a purpose-built scanner could. So use publickey
auth or better too.
Practically speaking, I don't see kiddie scripts cluttering my logs
anymore. You could do different things on different interfaces in
iptables pretty easily if needed.
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
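As an added illustration (not part of Bill's post, and not iptables itself): a small Python model of the four rules above and of the `recent` list they share. It reproduces the `--set` / `--remove` / `--rcheck` semantics on the SSH list so you can check, offline, why a single hit on 1234 followed by port 22 is accepted, why a sequential scan of 1233, 1234, 1235 ends with the list cleared, and what a knock window would add. The `seconds` argument stands in for `--rcheck --seconds N`, which the quoted rules do not use; that the chain ends in a REJECT/DROP for anything unmatched, the `knock()` client helper and the 203.0.113.x / 198.51.100.x addresses are all assumptions made for the example.

```python
"""Model of the port-knock ruleset quoted above (added example, not the
original post's code).  It mirrors the four iptables rules --
`-m recent --set/--remove/--rcheck` on a list named SSH -- so their
behaviour against a legitimate knocker, a sequential scanner and a stale
knock can be exercised without a real firewall."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
import socket

SSH_PORT = 22               # --dport 22   ... --rcheck --name SSH -j ACCEPT
KNOCK_PORT = 1234           # --dport 1234 ... --set    --name SSH -j DROP
CLEAR_PORTS = (1233, 1235)  # --dport 1233 / 1235 ... --remove --name SSH -j DROP


@dataclass
class RecentList:
    """One xt_recent list: source address -> time of its last --set."""
    seconds: Optional[int] = None               # None = no --seconds window (as in the post)
    entries: Dict[str, int] = field(default_factory=dict)

    def set(self, src: str, now: int) -> None:
        self.entries[src] = now

    def remove(self, src: str) -> None:
        self.entries.pop(src, None)

    def rcheck(self, src: str, now: int) -> bool:
        stamp = self.entries.get(src)
        if stamp is None:
            return False
        return self.seconds is None or now - stamp <= self.seconds


def verdict(state: RecentList, src: str, dport: int, now: int) -> str:
    """Walk the NEW-state rules in their listed order.  Anything that matches
    none of them falls to the end of the chain, assumed here to REJECT/DROP."""
    if dport == SSH_PORT and state.rcheck(src, now):
        return "ACCEPT"
    if dport in CLEAR_PORTS:        # 1233 and 1235: forget this source
        state.remove(src)
        return "DROP"
    if dport == KNOCK_PORT:         # 1234: remember this source
        state.set(src, now)
        return "DROP"
    return "DROP"


def run_sequence(packets: List[Tuple[int, str, int]],
                 seconds: Optional[int] = None) -> List[str]:
    """packets: (time, source address, destination port) of NEW TCP
    connections in arrival order.  Returns the verdict for each one."""
    state = RecentList(seconds=seconds)
    return [verdict(state, src, dport, t) for t, src, dport in packets]


def knock(host: str, port: int = KNOCK_PORT, timeout: float = 1.0) -> None:
    """Client side (assumed helper): send one SYN to the knock port.  The
    rule DROPs it, so the connect times out; that is expected, not an error."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except (socket.timeout, OSError):
        pass


if __name__ == "__main__":
    me, scanner = "203.0.113.5", "198.51.100.9"   # constructed addresses
    print(run_sequence([(0, me, 1234), (1, me, 22)]))             # ['DROP', 'ACCEPT']
    print(run_sequence([(0, scanner, 1233), (1, scanner, 1234),
                        (2, scanner, 1235), (3, scanner, 22)]))   # ['DROP', 'DROP', 'DROP', 'DROP']
    print(run_sequence([(0, me, 1234), (60, me, 22)], seconds=30))  # ['DROP', 'DROP']
```

The simulation makes two properties of the ruleset visible: the `--remove` rule on 1235 is what defeats an ascending scan (1233 clears, 1234 sets, 1235 clears again, so 22 is still closed), and the `recent` entry has no expiry in the post's rules, so once a source has knocked it stays admitted until a 1233/1235 hit or list eviction; adding `--seconds` to the port-22 rule (the `seconds` argument above) bounds that window. From a shell the knock is just `nc -w 1 host 1234; ssh host`, and the timeout on the first connect is normal because the knock SYN is dropped rather than answered.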