Kuo Lab Wiki

User Tools

Site Tools

You are here: start » computers » ssh_security
computers:ssh_security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
computers:ssh_security [2020/08/07 14:29] chkuocomputers:ssh_security [2023/03/28 14:40] (current) – [Limit by IP address] chkuo
Line 18: Line 18:
 <file> <file>
 # /etc/hosts.allow # /etc/hosts.allow
-# allow intranet-ethernet IPs (192.168.1.*)+# allow intranet IPs (192.168.1.*) 
 +# allow IPMB IPs (172.*.*.*)
 # allow Academia Sinica IPs (140.109.*.*) # allow Academia Sinica IPs (140.109.*.*)
-sshd: 192.168.1., 140.109.: allow+sshd: 192.168.1., 172., 140.109.: allow
 </file> </file>
  
-Other IP ranges: +
-  * Hinet: 118.160.0.0 - 118.167.255.255, 118.168.0.0 - 118.171.255.255+
 ===== Check log files ===== ===== Check log files =====
 Mac:  Mac: 
Line 45: Line 45:
 <code bash> <code bash>
 # install # install
-sudo apt-get install fail2ban+sudo apt install fail2ban
 # edit the conf file /etc/fail2ban/jail.conf as necessary # edit the conf file /etc/fail2ban/jail.conf as necessary
 # for example, increase 'bantime' or reduce 'maxretry' to enhance the security level # for example, increase 'bantime' or reduce 'maxretry' to enhance the security level
Line 56: Line 56:
 # check client status # check client status
 sudo fail2ban-client status sudo fail2ban-client status
 +sudo fail2ban-client status sshd
 # check log # check log
 cat /var/log/fail2ban.log cat /var/log/fail2ban.log
 +# unban
 +sudo fail2ban-client set sshd unbanip xxx.xxx.xxx.xxx
 </code> </code>
  
computers/ssh_security.1596781761.txt.gz · Last modified: 2020/08/07 14:29 by chkuo