limit ssh attempts

Paul Mora paulmora-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Nov 30 03:38:13 UTC 2005


Hello.

I use this "port knocking" feature that someone else mentioned.  Here's
what the rules look like in netfilter (iptables):

# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --rcheck --name SSH --rsource -j ACCEPT
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1599 -m recent --remove --name SSH --rsource -j DROP
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1600 -m recent --set --name SSH --rsource -j DROP
# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 1601 -m recent --remove --name SSH --rsource -j DROP

The first rule enables the ssh service inbound into the machine (any
adapter) only if the SSH resource is set.  Pretty straightforward.

The next three rules disable and enable the ssh service upon connection to
ports 1599, 1600, and 1601.  So, to enable ssh, simply connect (via telnet
or some other way) to port 1600, disconnect, then connect to ssh normally.
The disable rules on either side of port 1600 are so that someone running a
port scanner will not unknowingly open the ssh service.
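To see why the guard ports on either side of 1600 matter, here is a small Python model of the four posted rules, added as an example and not code from the message above. It mimics what `-m recent` keeps per source address (a named list that `--set` adds to, `--remove` deletes from and `--rcheck` tests) and assumes the chain ends in a default DROP, which the message does not state.

```python
# Model of the four-rule "port knocking" chain (added example, not the
# original poster's code). Real iptables keeps this state in the kernel;
# this is a pure-Python stand-in so the rule order can be exercised.

# (dport, recent action, verdict), in the same order as the posted rules.
# Order matters: iptables stops at the first rule that matches.
RULES = [
    (22,   "rcheck", "ACCEPT"),  # ssh allowed only if the source is listed
    (1599, "remove", "DROP"),    # guard port below the knock: closes ssh
    (1600, "set",    "DROP"),    # the knock port: opens ssh for this source
    (1601, "remove", "DROP"),    # guard port above the knock: closes ssh
]

def process(packets):
    """Run NEW TCP connections (src, dport) through RULES in order.

    Returns one verdict per packet. A packet that matches no rule falls
    through to the chain policy, assumed here to be DROP (assumption)."""
    recent = set()     # the "SSH" recent list, keyed by source address
    verdicts = []
    for src, dport in packets:
        verdict = "DROP"   # assumed chain policy
        for port, action, target in RULES:
            if dport != port:
                continue
            if action == "rcheck":
                if src not in recent:
                    continue   # --rcheck fails: rule does not match
                verdict = target
            elif action == "set":
                recent.add(src)
                verdict = target
            elif action == "remove":
                recent.discard(src)
                verdict = target
            break
        verdicts.append(verdict)
    return verdicts

def ssh_open_after(knocks, src="198.51.100.7"):
    """Helper: does `src` get ACCEPT on port 22 after connecting to `knocks`?
    The address is a constructed sample, not from the post."""
    verdicts = process([(src, p) for p in knocks] + [(src, 22)])
    return verdicts[-1] == "ACCEPT"
```

The model shows that a sequential scan in either direction leaves the list empty, and that the entry is per source, so one host's knock does not open ssh for another. The real module can additionally age the entry out (for example `--rcheck --seconds 30`), which this model leaves out.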

I got this from the following link:


--
Paul Mora
email: paulmora-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org