Differences

This shows you the differences between two versions of the page.

--- computers:ssh_security [2011/09/26 14:35] – [Limit by IP address] chkuo
+++ computers:ssh_security [2023/03/28 14:40] (current) – [Limit by IP address] chkuo
@@ Line 8: / Line 8: @@
 ===== Limit by IP address =====
-First: deny connection from all
+First: deny connection from all in ''/etc/hosts.deny''
 <file>
 # /etc/hosts.deny
@@ Line 15: / Line 15: @@
 </file>
-Second: specify the allowed IPs
+Second: specify the allowed IPs in ''/etc/hosts.allow''
 <file>
 # /etc/hosts.allow
+# allow intranet IPs (192.168.1.*)
+# allow IPMB IPs (172.*.*.*)
 # allow Academia Sinica IPs (140.109.*.*)
-# allow intranet-ethernet IPs (192.168.1.*)
+sshd: 192.168.1., 172., 140.109.: allow
-# allow intranet-wireless IPs (10.0.1.*)
-sshd: 140.109., 192.168.1., 10.0.1. : allow
 </file>
-Other IP ranges:
-  * Hinet: 118.160.0.0 - 118.167.255.255, 118.168.0.0 - 118.171.255.255
 ===== Check log files =====
 Mac:
 <code bash>
-more /var/log/secure.log
+grep sshd /var/log/system.log
 </code>
@@ Line 36: / Line 35: @@
 <code bash>
-more /var/log/auth.log
+grep sshd /var/log/auth.log
 </code>
+===== Fail2ban =====
+Install [[http://www.fail2ban.org/|fail2ban]]
+Ubuntu:
+<code bash>
+# install
+sudo apt install fail2ban
+# edit the conf file /etc/fail2ban/jail.conf as necessary
+# for example, increase 'bantime' or reduce 'maxretry' to enhance the security level
+# restart the service
+sudo /etc/init.d/fail2ban restart
+# regex test
+sudo fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf
+# check status
+sudo /etc/init.d/fail2ban status
+# check client status
+sudo fail2ban-client status
+sudo fail2ban-client status sshd
+# check log
+cat /var/log/fail2ban.log
+# unban
+sudo fail2ban-client set sshd unbanip xxx.xxx.xxx.xxx
+</code>
+If registered at [[http://www.blocklist.de]], edit ''/etc/fail2ban/jail.conf'' to add:
+<code bash>
+destemail = fail2ban@blocklist.de
+sendermail = fail2ban@your-server.tld
+</code>