For some reason, our corporate network blocks certain ports. Actually, they are the usual ports that I use to connect to my VPS, like port 22 (SSH) and 21 (FTP/SFTP). I needed to change the listening port of my SSH in order to .

Change SSH Listening Port

vi /etc/ssh/sshd_config

After the edit, don't forget to restart:
/etc/init.d/sshd restart
or
service sshd restart

Brute Force SSH Attack


iptables -A INPUT -p tcp --dport 22 -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT

Limit SSH Connections


iptables -A INPUT -p tcp --dport 22 --syn -m limit --limit 1/m --limit-burst 3 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 --syn -j DROP

Limit User Login

AllowUsers alice bob
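
The script below is an added example, not from the original post. It applies the Port and AllowUsers changes to a candidate copy of sshd_config and has sshd check that file before anything is restarted, since a typo here can lock you out of the VPS. Port 2222, the sample config and the helper names set_directive, install_and_restart and demo are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Port 2222 and the sample config
# are constructed; alice and bob are the user names used in the post.

# set_directive FILE KEYWORD VALUE...
# Drop active global "KEYWORD ..." lines and write one new line, placed before
# the first Match block (Port is not valid inside Match) or at end of file.
set_directive() (
    file=$1 key=$2; shift 2
    tmp=$(mktemp) || exit 1
    awk -v key="$key" -v val="$*" '
        BEGIN { k = tolower(key) }
        {
            first = tolower($1); sub(/=.*/, "", first)   # keywords ignore case
            if (!inmatch && first == k) next             # old global setting
            if (first == "match") {
                if (!written) { print key " " val; written = 1 }
                inmatch = 1
            }
            print
        }
        END { if (!written) print key " " val }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    exit $status
)

# install_and_restart CANDIDATE: let sshd syntax-check the candidate file and
# only then copy it into place and restart. Needs root; the demo never calls it.
install_and_restart() {
    /usr/sbin/sshd -t -f "$1" && cp "$1" /etc/ssh/sshd_config && service sshd restart
}

# demo: apply the post's two settings to a constructed config and print it.
demo() (
    cfg=$(mktemp) || exit 1
    printf '%s\n' '#Port 22' 'Port 22' 'PermitRootLogin no' \
        'Match User bob' '    X11Forwarding no' > "$cfg"
    set_directive "$cfg" Port 2222 &&
    set_directive "$cfg" AllowUsers alice bob &&
    cat "$cfg"
    status=$?
    rm -f "$cfg"
    exit $status
)

demo
```

Keep the current SSH session open until a second login on the new port succeeds. The iptables rules on this page match --dport 22, so they have to be changed to the new port as well.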

OK, this isn’t right. There are certain reasons why our office disabled those ports. Maybe we abused it. Maybe it isn’t right that I’m tinkering on my servers while in the office. Maybe I should only do my job whenever in the office. I’m paid to do my job and not my websites. Hehehe.

Whatever.

Source:
http://wiki.centos.org/HowTos/Network/SecuringSSH
