Limit SSH Login Attempts

Step 1. Set the maximum number of authentication attempts permitted per connection in sshd_config

vim /etc/ssh/sshd_config

MaxAuthTries 6

Step 2. Restart sshd

/etc/init.d/sshd restart

Step 3. Add iptables rules (a source address that opens more than 10 new SSH connections within 300 seconds is logged and dropped; because --update refreshes the entry's timestamp on every new attempt, the block persists until the address has been quiet for 300 seconds)

iptables -N SSHATTACK
iptables -A SSHATTACK -j LOG --log-prefix "iptables deny: ssh attack " --log-level 7
iptables -A SSHATTACK -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 11 -j SSHATTACK

Step 4. Save iptables

/etc/init.d/iptables save

Step 5. Route the logged packets to a dedicated /var/log/iptables.log with rsyslog (the "& ~" line discards the matched message so it is not also written to the default log; newer rsyslog versions spell this "& stop")

vim /etc/rsyslog.d/iptables.conf

:msg,contains,"iptables deny:" /var/log/iptables.log
& ~

Step 6. Define the log rotation policy and frequency for iptables.log

vim /etc/logrotate.d/iptables

/var/log/iptables.log {
    daily
    missingok
    notifempty
    rotate 7
    size 25M
    delaycompress
    dateext
    maxage 30
    postrotate
        invoke-rc.d rsyslog reload > /dev/null
    endscript
}

Step 7. Restart rsyslog

/etc/init.d/rsyslog restart
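
Once the steps above are in place, /var/log/iptables.log fills with kernel LOG lines carrying the "iptables deny: ssh attack " prefix. The script below is an added example (not part of the original page) that summarises those lines per source address so an administrator can review which hosts hit the rate limit and how often; the log lines embedded in it are constructed samples in the standard netfilter LOG format, and the host, addresses and timestamps are assumptions.

```shell
#!/bin/sh
# Added example: summarise SSH rate-limit hits recorded by the Step 3 LOG rule.
# Reads log lines (e.g. from /var/log/iptables.log) and prints one line per
# source address as "<count> <src-ip>", most frequent first.

# Constructed sample of what rsyslog writes to /var/log/iptables.log.
# The last line is an unrelated sshd message and must be ignored.
SAMPLE_LOG='Mar  3 10:15:01 host kernel: iptables deny: ssh attack IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:03 host kernel: iptables deny: ssh attack IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:16:40 host kernel: iptables deny: ssh attack IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=3 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:17:00 host sshd[123]: Accepted publickey for alice from 192.0.2.5 port 50000 ssh2'

# summarize_ssh_blocks: stdin = log lines, stdout = "<count> <src-ip>" per source.
# Only lines carrying the Step 3 log prefix are counted; the SRC= field is the
# address the netfilter LOG target records for the dropped packet.
summarize_ssh_blocks() {
    grep 'iptables deny: ssh attack ' |
        sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# summarize_sample: run the summary over the constructed sample above.
# On a real host use:  summarize_ssh_blocks < /var/log/iptables.log
summarize_sample() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_ssh_blocks
}

summarize_sample
```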
