Iptables rule to safeguard SSH server from crackers

Secured Shell or SSH is a service to enable users to access remote system securely. However, SSH servers depending on password-based authentication might be vulnerable to dictionary-based (or brute-force) attacks by crackers.

Luckily iptables can be used with ‘–limit-burst‘ and ‘–limit’ option to reduce the number of attempts and connection that a cracking tool can make in a period of time.

For example, in order to limit an IP address to making only 5 connections per minute in burst of 2 connections, you can use this iptables rules:

iptables -A INPUT -p tcp --dport ssh -m limit --limit 5/minute --limit-burst 2 -j ACCEPT

This will result in the iptables will only allow up to 5 connections per minute with 2 maximum initial number of connections, which will make any brute-force or dictionary-based attack uneconomical/unfeasible for the server.

Read more about iptables –limit and –limit-burst in Linux Iptables Limit the number of incoming tcp connection / syn-flood attacks

Restricting normal user account access on Ubuntu Server

Here’s a tip to restrict normal user account access so that common users may not be able to explore other directories beyond his/her own /home directory.

  • First you need to chmod all /home dir to 0700
  • Then, you need to set the default umask to 077, to do that, you ned to edit /etc/profile, and replace “umask 022” with “umask 077“.
  • Optionally, you can also update PAM configuration in /etc/pamd.d/common-session so that the line reads “pam_umask.so umask=077 usergroups

The tips has been adapted from – superuser.com

Howto solve ssh_exchange_identification: Connection closed by remote host error

I’ve keep getting the message “ssh_exchange_identification: Connection closed by remote host error” after I managed to finalized my CRUX linux on my decTOP box today. After enough looking into documentations, I finally found out that I need to edit the “/etc/hosts.allow” file to allow SSH connection, for example:


#/etc/hosts.allow
sshd:ALL

or for more conservative setting


#/etc/hosts.allow
sshd:LOCAL
sshd:192.168.1.0/255.255.255.0

I can connect ssh to my box normally after that.

Howto make SSH listens on multiple port

Although it is a security risks, it is possible to make OpenSSH listens on multiple port.

To do that, you need to edit /etc/ssh/sshd_config file. and enable the “GatewayPorts” option.

AllowTcpForwarding no
GatewayPorts yes
X11Forwarding no
#X11DisplayOffset 10

Look for the line that contain “Port 22”, and uncomment it if necessary, and add additional Port line to enable OpenSSH to listen to other ports. Like this:

Port 22
Port 80
Port 1025

The example will enable OpenSSH to listen to port 22,80,1025 simultaneously. Don’t forget to restart SSH service to enable the change by running :

sudo /etc/inet.d/sshd restart

Warning: Running SSH on multiple port may cause security risk, you have been warned!

Recommended Reading