{"id":17884,"date":"2013-03-14T10:44:59","date_gmt":"2013-03-14T08:44:59","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=17884"},"modified":"2013-03-14T10:44:59","modified_gmt":"2013-03-14T08:44:59","slug":"ssh-dynamic-black-list","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2013\/03\/14\/ssh-dynamic-black-list\/","title":{"rendered":"SSH dynamic black list"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"http:\/\/it.slashdot.org\/story\/13\/02\/16\/2129244\/ssh-password-gropers-are-now-trying-high-ports\">Slashdot<\/a> runs the post on how bots are now trying higher ports for SSH password guessing. \u00a0This is not a problem for those who do key-based authentication, but for those who have to have password authentication enabled, there is plenty of good advice in the comments to the post. \u00a0<a href=\"http:\/\/it.slashdot.org\/comments.pl?sid=3467925&amp;cid=42926311\">One of the comments<\/a> provides this handy iptables-based dynamic black list:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\niptables --new-chain SSHTHROTTLE\r\niptables --append SSHTHROTTLE --match recent --name bad_actors --update --seconds 86400 --jump DROP\r\niptables --append SSHTHROTTLE --match hashlimit --hashlimit-name ssh_throttle --hashlimit-upto 5\/hour --hashlimit-mode srcip --hashlimit-burst 2 --jump ACCEPT\r\niptables --append SSHTHROTTLE --match recent --name bad_actors --set --jump DROP\r\niptables --append INPUT --in-interface ext+ --proto tcp --match conntrack --ctstate NEW --dport 22 --syn --jump SSHTHROTTLE\r\n<\/pre>\n<p>I haven&#8217;t tried it out myself yet, but I&#8217;m saving it here for the next time I have a server with password-based authentication SSH.<\/p>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>Slashdot runs the post on how bots are now trying higher ports for SSH password guessing. 
\u00a0This is not a problem for those who do key-based authentication, but for those who have to have password authentication enabled, there is plenty of good advice in the comments to the post. \u00a0One of the comments provides this &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2013\/03\/14\/ssh-dynamic-black-list\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSH dynamic black list<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,6,133,62],"tags":[1633,200],"keyring_services":[],"class_list":["post-17884","post","type-post","status-publish","format-standard","hentry","category-general","category-linux","category-sysadmin","category-technology","tag-passwords","tag-security"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/17884","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=17884"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/17884\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=17884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=17884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=17884"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=17884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}