FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Nov 2004
    Posts
    104

    Using FirewallD to block brute force SSH attacks

    Hi All,

    Any thoughts on how I could use FirewallD to block brute force SSH attacks?

    I've come across several custom rules for IP tables that would seem to do this but not for FirewallD.

    I've also looked into Fail2Ban but struggled to get it working properly.

    I know in theory I should only allow access to SSH from certain IPs but as this is only a home server and I travel a lot, I'd really like to be able to access it from wherever I happen to be.

    Also please note I'm still a bit of a noob at this stuff

    Many thanks in advance for any help!

    E-I

  2. #2
    Join Date
    Nov 2008
    Location
    Canada
    Posts
    2,719

    Re: Using FirewallD to block brute force SSH attacks

    1. Move ssh to an obscure port
    2. Don't use passwords
    3. Deny root login

    fail2ban is what you really want. With iptables or firewalld; maybe run sshd on eth0, accept input from your local subnet (192.168.1.0/24(?)) and a vpn range (tun# @ 172.16.37.0/24(?), where tun# is an openvpn interface), and drop or deny the rest. Or make ssh available on a vpn only.

  3. #3
    Join Date
    Nov 2004
    Posts
    104

    Re: Using FirewallD to block brute force SSH attacks

    Hi Beaker,

    Many thanks for the response.

    I understand points 1 and 3, but not 2? How can I not use passwords?

    I had fail2ban working a while back on FC17 before I upgraded to FC20, but I've struggled getting it working with either Firewalld or iptables. On my last attempt using iptables everything seemed to be installed and configured correctly but it was not banning.

    This has been partly prompted by the lovely people based in China and New Mexico who have been trying to hack the box (I did whois on their IPs and it's consistently two IP addresses trying to gain access.). It was when I logged in via ssh and saw several thousand failed logins I realised I had a bit of an issue.... Currently I've just disabled SSH completely on my router while I work out my next steps.

    Again, I appreciate the advice and apologise that I don't always understand it, as I'm very much a home user who muddles through.

    I'll look into the openvpn side of things, unfortunately my only experience of vpn is being a client on my office's Sonicwall SSL vpn, so I'll need to do a bit of research.

    Anyway, the nice thing about this sort of stuff is that I always learn something new!

    Thanks,

    E-I

  4. #4
    Join Date
    Nov 2008
    Location
    Canada
    Posts
    2,719

    Re: Using FirewallD to block brute force SSH attacks

    For #2.

    http://www.linuxhomenetworking.com/w...OpenSSH_Server
    http://docs.fedoraproject.org/en-US/...-keypairs.html

    That normally kills them all.

    Most of my hits originate in Paris, Texas, Atlanta and some town in Florida. China and Russia too, but they're usually in squid's log. But I digress...

    Openvpn's hurdle is tall but, depending how much networking you do, can become the go-to tool for securing inherently insecure protocols and applications.

  5. #5
    pete_1967 Guest

    Re: Using FirewallD to block brute force SSH attacks

    Not familiar with FirewallD, but it is also easy to set up port knocking on iptables (some great help for that at http://www.portknocking.org/) if you've had issues with fail2ban (a great tool for a lot more than just protecting SSH).

  6. #6
    Join Date
    Jan 2011
    Posts
    1,116

    Re: Using FirewallD to block brute force SSH attacks

    fail2ban (fedora/20/x86_64 repo) would do that.
    Is it not easier?

    or you want to learn how to do it?

    I think that is one of the best courses of action possible at the moment: scan the logs for failed login attempts and, if a preset number is reached, temporarily rewrite the firewall rules to ban that IP from trying, which makes it impossible to brute force anything.
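
The scan-the-log, temporary-ban loop described in the post above, as an added example (not from the thread and not fail2ban's own code). The threshold, ban length and log lines are constructed assumptions; the script prints the `firewall-cmd` rich-rule commands instead of running them and handles IPv4 sources only.

```shell
#!/usr/bin/env bash
# Added example: count failed SSH logins per source and emit temporary firewalld bans.
THRESHOLD=5       # assumed: failures before a source is banned
BAN_SECONDS=600   # assumed: ban length; --timeout keeps the rule runtime-only

# Constructed sample of sshd log lines (documentation-range addresses).
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 home sshd[1201]: Failed password for root from 198.51.100.23 port 40001 ssh2
Mar  3 10:00:03 home sshd[1203]: Failed password for root from 198.51.100.23 port 40002 ssh2
Mar  3 10:00:05 home sshd[1205]: Failed password for invalid user admin from 198.51.100.23 port 40003 ssh2
Mar  3 10:00:07 home sshd[1207]: Failed password for invalid user test from 198.51.100.23 port 40004 ssh2
Mar  3 10:00:09 home sshd[1209]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.23 port 40005 ssh2
Mar  3 10:02:11 home sshd[1230]: Failed password for ei from 203.0.113.7 port 51000 ssh2
Mar  3 10:02:20 home sshd[1230]: Failed password for ei from 203.0.113.7 port 51000 ssh2
Mar  3 10:02:31 home sshd[1230]: Accepted password for ei from 203.0.113.7 port 51000 ssh2
EOF
}

# Read sshd log lines on stdin, print "<failures> <ip>" per source.
# The address is taken from the fixed tail "from <ip> port <n> ssh2" that sshd
# appends, so a username containing "from 192.0.2.10" cannot frame another host.
count_failures() {
  awk '
    / sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" &&
    $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
    END { for (ip in n) print n[ip], ip }
  ' | sort -k2
}

# Print one firewall-cmd command for each source at or over THRESHOLD.
ban_commands() {
  count_failures | while read -r count ip; do
    [ "$count" -ge "$THRESHOLD" ] || continue
    printf "firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" service name=\"ssh\" reject' --timeout=%s\n" \
      "$ip" "$BAN_SECONDS"
  done
}

sample_log | ban_commands
```

Only 198.51.100.23 reaches the threshold in the sample; the address that appears inside a forged username is never counted.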

  7. #7
    Join Date
    Nov 2004
    Posts
    104

    Re: Using FirewallD to block brute force SSH attacks

    Many thanks for all the replies!

    Work's got in the way of things the last few days so I haven't had a chance to put any of this into action.

    Beaker, thanks for the links, that's good to know and will certainly help.

    Pete, I'll look into port knocking too.

    Dobbi, yes Fail2Ban is exactly what I need really, I've just had real issues getting it working in FC20 (had it running fine in FC17). I tried it both with FirewallD and with iptables and had issues with both. I think some of the problem is that the howtos and tutorials I can find are a bit dated and I struggle to make sense of it all (as previously mentioned, I'm a bit of a noob I'm afraid). I also find the 0.9 version of Fail2ban's config file quite confusing....

    I'm going to look into OpenVPN and all the other things mentioned, and maybe have another crack at Fail2Ban too.

    Anyway, thanks for all the advice everyone, I really appreciate it :-) and I'll let you know how I get on.

    E-I
