Securing SSH Server


SSH Server is a frequent target of brute-force attack to get into your system. Here is a script to block unwanted connections.

# variables
FW=/sbin/iptables    # iptables command
SSHPORT=22           # port sshd is listening to

# insert the rules
${FW} -N SSH
${FW} -N SSH_ABL
${FW} -A SSH -m recent --name SSH_ABL --update --seconds 3600 -j REJECT
${FW} -A SSH -m recent --name SSH --rcheck --seconds 60 --hitcount 5 -j SSH_ABL
${FW} -A SSH_ABL -m recent --name SSH_ABL --set -j LOG --log-level warn --log-prefix "ABL:  SSH: "
${FW} -A SSH_ABL -j REJECT
${FW} -A SSH -m recent --name SSH --rcheck --seconds 2 -j LOG --log-level warn --log-prefix "RATE: "
${FW} -A SSH -m recent --name SSH --update --seconds 2 -j REJECT
${FW} -A SSH -m recent --name SSH_ABL --remove -j LOG --log-level warn --log-prefix "ABL: -SSH: "
${FW} -A SSH -m recent --name SSH --set -j ACCEPT
${FW} -A INPUT -m state --state NEW -p tcp -m tcp --dport ${SSHPORT} -j SSH

Note: This script is a slight modification of http://www.itwire.com/content/view/13841/53/1/1/