Securing SSH with IPTABLES

Securing SSH access to your server is important. At any moment your system can be the target of a dictionary attack by someone who wants to get into it via SSH. Therefore you should always take basic precautions such as disabling SSH root login and limiting SSH access to certain users.

If you take a look at /var/log/secure you might see a lot of "Failed password for ..." entries on your system:
cat /var/log/secure* | grep 'Failed password' | grep sshd | sort
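To turn those entries into something actionable, the following added example (not code from the original page) counts the sshd "Failed password" lines per source address and lists the addresses above a threshold; the log lines embedded in it are constructed, and the field layout assumed is the standard sshd syslog format shown.

```shell
#!/bin/sh
# Added example, not from the original page: count failed sshd password
# attempts per source IP from auth-log lines such as /var/log/secure.
# The log lines below are constructed samples (RFC 5737 test addresses).
SAMPLE_LOG='Mar  3 10:15:01 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51122 ssh2
Mar  3 10:15:03 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51124 ssh2
Mar  3 10:15:05 host sshd[2103]: Failed password for root from 192.0.2.10 port 51130 ssh2
Mar  3 10:16:10 host sshd[2110]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:17:00 host sshd[2115]: Failed password for bob from 198.51.100.7 port 40030 ssh2
Mar  3 10:17:02 host cron[900]: Failed password for nobody from 203.0.113.5 port 1 ssh2'

# failed_by_ip: read log lines on stdin, keep only sshd "Failed password"
# lines (the cron line above is ignored), extract the address after "from",
# and print "count ip", highest count first.
failed_by_ip() {
    grep 'sshd\[' | grep 'Failed password' \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# offenders_above: from failed_by_ip output, print only the IPs with more
# than $1 failures (e.g. 3, matching the connlimit threshold used later).
offenders_above() {
    awk -v t="$1" '$1 > t {print $2}'
}

# Usage against the constructed sample; replace with e.g.
#   cat /var/log/secure* | failed_by_ip
printf '%s\n' "$SAMPLE_LOG" | failed_by_ip
printf '%s\n' "$SAMPLE_LOG" | failed_by_ip | offenders_above 2
```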
With a few iptables rules we can add restrictions, e.g. limit the number of concurrent connections per IP, or rate-limit new connections.

To limit the connections per IP (new SSH connections from an address that already has more than 3 open are rejected) we use:
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
To set the connection rate limit so that 4 or more connection attempts from one address within 60 seconds are rejected (the first rule records each new connection, the second rejects once the count is reached; eth0 is the interface name used here, adjust it to yours):
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update \
--seconds 60 --hitcount 4 -j REJECT