It is no secret that a Linux host connected to the Internet will have its SSH password probed.
Recently I found that hackers from various countries were constantly brute-forcing the password on my machine; it can't take that kind of abuse!
Later I found a piece of software that prevents this kind of attack, and it is very effective!
Here is my configuration:
Download the source package and install it
Address: http://www.fail2ban.org/wiki/index.php/Main_Page
Upload it to the server
Installation
# tar xvfj fail2ban-0.8.4.tar.bz2
# cd fail2ban-0.8.4
# python setup.py install
The service is set to start automatically once the installation is complete
Before starting it, you need to start the system's iptables
Configuration:
# vi /etc/fail2ban/jail.conf
# IP range to ignore; if there are two or more entries, separate them with spaces
ignoreip = 127.0.0.1
# How long an IP stays blocked (seconds); a value of -1 means blocked forever
bantime = 86400
# Time window (seconds) within which reaching maxretry triggers a block
findtime = 600
# Number of attempts allowed
maxretry = 3
[ssh-iptables]
# Enable the SSH blocking rule
enabled = true
filter = sshd
action = iptables[name=ssh, port=22, protocol=tcp]
# Do not send mail
#sendmail-whois[name=ssh, dest=you@mail.com, sender=fail2ban@mail.com]
# Path of the SSH failure log
logpath = /var/log/secure
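How findtime, maxretry and ignoreip combine into a ban decision, as an added example that is not part of the original post and is not fail2ban's own code. The regular expression is a simplified stand-in for the sshd filter, the log lines are constructed, and the year is an assumption because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

IGNOREIP, FINDTIME, MAXRETRY = ["127.0.0.1"], 600, 3   # values from the jail.conf above

# Simplified stand-in for the sshd filter (an assumption, not fail2ban's own regex).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(lines, year=2010):
    """Return [(time, ip)] for each host reaching MAXRETRY failures within FINDTIME."""
    ignored = [ip_network(n) for n in IGNOREIP]
    recent = defaultdict(deque)          # ip -> failure times still inside the window
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                     # not an SSH password failure
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            addr = ip_address(m.group(2))
        except ValueError:
            continue                     # source logged as a host name, skipped here
        if any(addr in net for net in ignored):
            continue                     # whitelisted by ignoreip
        window = recent[str(addr)]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()             # forget failures older than findtime
        if len(window) >= MAXRETRY:
            bans.append((ts, str(addr)))
            window.clear()               # counting restarts after a ban
    return bans

# Constructed /var/log/secure lines (hypothetical host name, PIDs and ports).
def _fail(t, user, ip):
    return f"May 17 {t} host sshd[2101]: Failed password for {user} from {ip} port 40122 ssh2"
SAMPLE = [
    *[_fail(t, "root", "203.0.113.5") for t in ("16:55:01", "16:55:04")],
    _fail("16:55:09", "invalid user test", "203.0.113.5"),            # third failure: ban
    *[_fail(f"16:56:0{i}", "root", "127.0.0.1") for i in range(3)],   # covered by ignoreip
    *[_fail(t, "admin", "198.51.100.7") for t in ("17:00:00", "17:05:00", "17:20:00")],  # too spread out
    "May 17 17:21:00 host sshd[2130]: Accepted password for alice from 192.0.2.9 port 50111 ssh2",
]
for when, ip in find_bans(SAMPLE):
    print(when, "Ban", ip)
```

Only 203.0.113.5 is banned: the three failures from 198.51.100.7 never fall inside one 600-second window, and 127.0.0.1 is skipped by ignoreip.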
Start Fail2ban
service fail2ban start
Or start it with fail2ban-client
fail2ban-client start
Stop Fail2ban
fail2ban-client stop
fail2ban-client status
Check the iptables rules; there are now additional SSH rules
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere tcp dpt:ssh
fail2ban-ssh tcp -- anywhere anywhere tcp dpt:ssh
Chain fail2ban-ssh (2 references)
target prot opt source destination
DROP all -- 122.102.64.54 anywhere
# This is a blocked IP; how long it stays blocked depends on the time set in your configuration file. I set mine to one day
RETURN all -- anywhere anywhere
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From another machine, run ssh 192.168.1.2
Enter the wrong password three times in a row
Use the command fail2ban-client status ssh-iptables
to view the blocking status
Or
fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: ssh-iptables
Test results:
# fail2ban-client status ssh-iptables
Status for the jail: ssh-iptables
|- filter
|  |- File list: /var/log/secure
|  |- Currently failed: 0
|  `- Total failed: 3
`- action
   |- Currently banned: 1
   |  `- IP list: 192.168.1.1
   `- Total banned: 1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Let's look at Fail2ban's log records.
2010-05-17 16:57:23,964 fail2ban.actions: WARNING [ssh-iptables] Ban 192.168.1.1
2010-05-17 21:35:00,449 fail2ban.actions: WARNING [ssh-iptables] Ban 218.108.85.244
2010-05-18 03:56:34,986 fail2ban.actions: WARNING [ssh-iptables] Ban 59.39.66.30
The blocked IPs are logged
SSH password guessing was blocked successfully
This only covers preventing one kind of SSH attack; the configuration file also has settings for other services, which I will post gradually when I have time!
This article is from the "Shadow Knight" blog, please be sure to keep this source http://andylhz2009.blog.51cto.com/728703/317395