First Cup of Ubuntu
How can I disable sshd for a certain time?
Hi ,all ! I have a computer running Ubuntu Server 9.10.I think some one is attacking it: they always try to log in to it via ssh. I think I need to disable ssh log in for a certain time if a person failed for 3 times(only disable that one, other people should be OK).There seems to be no that key words in "man sshd_config" .Does anybody have advice for this issue ? Thank you !
Dark Roasted Ubuntu
save the following as/in /etc/network/if-up.d/bfa_protection
Then:Code:#!/bin/bash [ "${METHOD}" != loopback ] || exit 0 /sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH /sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH -j DROP
Code:chmod u+x /etc/network/if-up.d/bfa_protection
A Carafe of Ubuntu
You can also have a look at DenyHosts, which is designed for this exact purpose.Originally Posted by yu xintian
Hi ,all ! I have a computer running Ubuntu Server 9.10.I think some one is attacking it: they always try to log in to it via ssh. I think I need to disable ssh log in for a certain time if a person failed for 3 times(only disable that one, other people should be OK).There seems to be no that key words in "man sshd_config" .Does anybody have advice for this issue ? Thank you !
This space is currently for rent . .
fail2ban
-------------------------------------
Oooh Shiny: PopularPages
Unumquodque potest reparantur. Patientia sit virtus.
Ubuntu Member
You don't need to do that, just install firestarter (it's a graphical front end for your systems firewall)
and remove permissions for port 22Code:sudo apt-get install firestarter
firestarter will also show you any attempts that have been made to access your system that have been denied, so you'll be able to see the IP address in question
Tea Glorious Tea!
I use denyhosts, its in the repos and does exactly what you're asking for.
First Cup of Ubuntu
You really should dissable password logins and just use public key authorization.
This link will guide you through setting up public key authorization
http://sial.org/howto/openssh/publickey-auth/
Then just disable password authentication in /etc/ssh/sshd_config
Then finally restart the daemon with "sudo /etc/init.d/ssh restart" and enjoy
Last edited by GolemXIV; February 20th, 2010 at 05:31 AM.
Way Too Much Ubuntu
As golem said, I would recommend using an RSA key to login instead of a password. Also, fail2ban works great.
Ubuntu addict and loving it
I used this guide when it came to the RSA keys.
http://help.ubuntu.com/community/SSH/OpenSSH/Keys
But since this is a server you're talking about and not a home user ssh setup then fail2ban is the way to go, it can blacklist them for a period of time that you set after a # of failed attempts within a time frame that you set.
Last edited by 2hot6ft2; February 20th, 2010 at 06:07 AM.
Ultimate Edition Links
First Cup of Ubuntu
Well,thank you for your advice! You help me a lot !
Posting Permissions
Adv Reply
Bookmarks