LinuxQuestions.org


lmcilwain 10-27-2007 11:42 PM

Block port 22 for specific IP's
 
Hello all,

Is it possible/easy to block port 22 for specific IPs using the terminal or some application? Right now I have it open to the world and it's bothering me to see all the break-in attempts.

I need it so I can get to my systems from anywhere outside of my network.

I have not been able to successfully implement a VPN, so I am using Firestarter right now, and it will allow me to block port 22 altogether unless it's from a specific IP, but that is only good if I am in one specific place. Great for security but not very flexible.

lasantha 10-27-2007 11:53 PM

IPTABLES, it's easy. http://www.netfilter.org/projects/iptables/index.html

Kahless 10-28-2007 12:57 AM

super easy solution:

edit your /etc/ssh/sshd_config file

change your ssh port to any non-standard port so it isn't detected by every port scanner that passes over your subnet

you will need to just add the -p flag when you log in to tell your client what arbitrary port you moved the server to. Pick something that no standard services run on if possible

DISABLE ssh v1

disable root login, or better yet restrict it to ONLY the user or users that you log in as. DEFINITELY DISABLE ROOT LOGIN

You should see your break-in attempts drop to next to nothing once port scanners start seeing a closed or stealth port 22.

Security by obscurity is stupid, but so is actively advertising that you have something to break into. By hiding your already secure service, you only make things better :)

routers 10-28-2007 05:22 AM

another easy way is to open your /etc/hosts.deny and add the line below (if you don't have the file then create it):
Code:

ALL: ALL

then open your /etc/hosts.allow and add:
Code:

# tcp_wrappers prefix match: a pattern ending in "." matches every address that starts with it
sshd: 192.168.1. 216.218.1.10

these are samples :)

win32sux 10-28-2007 06:41 AM

Quote:

Originally Posted by lmcilwain (Post 2939343)
Is it possible/easy to block port 22 for specific IPs using the terminal or some application? Right now I have it open to the world and it's bothering me to see all the break-in attempts.

Yes, you can easily deny access to port 22 from specific IPs like:
Code:

iptables -I INPUT -p TCP --dport 22 -s $BAD_IP_GOES_HERE -j DROP

But you would probably be much better off having this happen automatically for those IPs trying to "break in". That is where tools like Fail2Ban come in. Also, as has already been said, changing SSHD to listen on a non-default port can drastically reduce the number of automated brute-force attacks you experience. See the "Failed SSH login attempts" sticky at the top of the forum for more info.

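An added example (not from the thread) of the automation win32sux describes: count failed sshd logins per source IP in an auth log and turn repeat offenders into the DROP rule shown above. The log lines, the three-attempt threshold and the APPLY switch are constructed assumptions; rules are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal fail2ban-style blocker.
# Real log lines live in /var/log/auth.log or /var/log/secure; the ones
# embedded below are constructed for the demo.

# Print source IPs with at least $2 "Failed password" lines in log file $1.
failed_ssh_ips() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c \
      | awk -v min="$2" '$1 >= min { print $2 }'
}

# Build the DROP rule for one IP (same shape as win32sux's command above).
drop_rule() {
    printf 'iptables -I INPUT -p tcp --dport 22 -s %s -j DROP\n' "$1"
}

# Print (or, with APPLY=1, execute as root) a DROP rule per offender in $1.
block_offenders() {
    failed_ssh_ips "$1" "$2" | while read -r ip; do
        rule=$(drop_rule "$ip")
        if [ "${APPLY:-0}" = 1 ]; then
            $rule
        else
            echo "$rule"
        fi
    done
}

# Constructed sample log: 203.0.113.7 fails four times, 198.51.100.9 once.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Oct 28 00:12:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Oct 28 00:12:03 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Oct 28 00:12:05 host sshd[4103]: Failed password for root from 203.0.113.7 port 40130 ssh2
Oct 28 00:12:08 host sshd[4105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Oct 28 00:13:40 host sshd[4110]: Failed password for bob from 198.51.100.9 port 51002 ssh2
Oct 28 00:13:45 host sshd[4110]: Accepted password for bob from 198.51.100.9 port 51002 ssh2
EOF

# Dry run: prints one DROP rule, for 203.0.113.7 only.
block_offenders "$SAMPLE_LOG" 3
```

Review the printed rules first; Fail2Ban adds the expiry and whitelisting that this script deliberately leaves out.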

All times are GMT -5.