Last active
June 8, 2016 18:27
Limit ssh attempts to your ubuntu computer/server to 3 attempts every 5 minutes (4th dropped)
# Source/Reference https://serverfault.com/questions/275669/ssh-sshd-how-do-i-set-max-login-attempts#275672
# Before enabling, be sure you
# a) Know your public ip address
# b) Know that your public ip address won't change (fixed ip)
# c) Have a backup method to get in just in case (Digital Ocean's "console" for example)
# sudo apt-get install ufw
# sudo ufw allow to any port 22 from your.ip.address.here proto tcp
# sudo ufw enable
# You can then fine-tune any ports to allow for public access or specific ip access
# An example for mongo administration from work
sudo ufw allow to any port 12017 from my.work.ip.address proto tcp
# I can now use the -h commands in mongo to directly access it from my work computer
# Check out UFW rules, there's rate limiting and a firewall is a good thing!
# https://help.ubuntu.com/community/UFW
# Below is what I previously had written until I learned UFW does rate limiting by default
# Keeping in case people would like it (I cannot confirm 100% the accuracy of it, as I personally no longer use it.)
# Forget iptables, just enable UFW above
# The --set rule only records the source address and carries no -j target: with -j ACCEPT on it,
# every new connection would be accepted before the DROP rule below could ever match.
# Whether a connection is then accepted depends on the later rules and the chain policy.
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 4 --rttl --name SSH -j DROP
# OR (-I inserts at the top of the chain, so the --update/DROP rule ends up above the --set rule; 60 second window)
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
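
A pre-flight check for steps a) to c) above, as an added example that is not part of the original gist: it prints the gist's two ufw commands only when the address you are about to allow matches the peer of your current SSH session (read from `SSH_CLIENT`, which sshd sets to "client_ip client_port server_port"). The function names are hypothetical, and nothing is executed against the firewall.

```shell
#!/bin/sh
# Added example: guard the "ufw enable" step against locking yourself out.

# Print the client IP of the current SSH session; fail when not inside one
# (for example on a provider console, where a lockout is not a concern).
ssh_peer_ip() {
    [ -n "${SSH_CLIENT:-}" ] || return 1
    printf '%s\n' "${SSH_CLIENT%% *}"
}

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the allow rule and the enable command for address $1.
# Returns 0 = printed, 1 = not an IPv4 address,
#         2 = address differs from the peer of this SSH session.
plan_ssh_allow() {
    allowed=$1
    is_ipv4 "$allowed" || { echo "not an IPv4 address: $allowed" >&2; return 1; }
    if peer=$(ssh_peer_ip) && [ "$peer" != "$allowed" ]; then
        echo "refusing: this session comes from $peer, not $allowed" >&2
        return 2
    fi
    echo "sudo ufw allow to any port 22 from $allowed proto tcp"
    echo "sudo ufw enable"
}

# Usage: sh preflight.sh 203.0.113.7   (constructed documentation address)
if [ $# -gt 0 ]; then
    plan_ssh_allow "$1"
fi
```

A refusal (exit status 2) means the address you typed is not the one the server sees for you, which is the case where `ufw enable` would cut off your own session.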