Sonntag, 23. November 2014

Limit the number of simultaneous SSH connections

Brute-force attacks on user passwords via SSH work, because SSH does not limit the number of simultaneous connections. If you use SSH and Screen to manage your host, you will most likely never need more than three connections.

  1. A connections for the Screen session.
  2. A connections to transfer files with SCP.
  3. And a spare connection, if your Screen connection hangs or you need another simultaneous file transfer.

This means that it is sufficient to allow three TCP SYN packets on port 22. The following command inserts the appropriate rule at the beginning of the Netfilter INPUT chain.

iptables -I INPUT 1 -p tcp --syn --dport 22 \
         -m connlimit --connlimit-above 3 --connlimit-mask 32 \
         -j DROP

Keine Kommentare: