CAAD | ARCH Admin| Aizo | Archinf | BIP | Bgyalex | Brandhub | Catch0405 | Cityscan05 | CommunityMedia | Control | Curtain | Easa005 | Easydb | Education | Extern | Extern0405 | Freudenhaus | Fund | Game0405 | Game05 | Gamearch | Luise | MAS0506 | MAS0506stu | Mas0506 | Mas0506stu | Maschinen0405 | Menz | Mill | Mill0405 | NDS | NDS0405 | NDS0405stu | Plugins | Qwipp | RZM | Replay | Replay0405 | Research | Second | Trash | Udintern | Urbandesign |
TWiki . Admin . SSHAccess

SSH Access for CAAD server

To restrict the amount of log messages generated by brute force ssh access hacking all CAAD servers should be protect by the following SSH iptables rule. 

export EXCEPTIONS="217.162.112.0/23 129.132.0.0/16 131.246.0.0/16"
for sshrule in $(iptables -L INPUT --line-numbers | grep SSH | cut -f1 -d" " | sort -rn)
do
  iptables -D INPUT $sshrule
done
iptables -F SSH
iptables -X SSH
iptables -N SSH
iptables -I INPUT -p tcp --dport ssh -j SSH
iptables -I INPUT -p udp --dport ssh -j SSH
for adress in $EXCEPTIONS
do
  iptables -I SSH -s $adress -j ACCEPT
done
iptables -A SSH -j DROP

-- TorstenSpindler - 06 Jun 2005


Topic SSHAccess . { Edit | Attach | Ref-By | Printable | Diffs | r1.1 | More }

Copyright © 1999-2003 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Revision r1.1 - 06 Jun 2005 - 14:57 - TorstenSpindler
Parents: WebHome 		Copyright © 1999-2003 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.

This website has been archived and is no longer maintained.