
Stop ssh brute force attack using SuSEfirewall

June 22nd, 2009 by

Edit /etc/sysconfig/SuSEfirewall2:

#do not open ssh ports here
FW_SERVICES_EXT_TCP=""
FW_CONFIGURATIONS_EXT=""

#add this rule: any source, TCP port 22; hitcount/blockseconds rate-limit new
#connections per source address (3 within 60 seconds), tracked under the name "ssh"
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

Then restart the firewall (as root, from a shell):
rcSuSEfirewall2 restart

Now an attacker only gets three attempts to break in.


2 Responses to “Stop ssh brute force attack using SuSEfirewall”

  1. Very nice, thanks for that. I always eschewed SuSEfirewall2 thinking it was limited compared to using iptables directly. I’m starting to think differently as I research it for the YaST Education module.

  2. rgb

    Not three attempts. Three connections, in which multiple authentication attempts (see MaxAuthTries in sshd_config) can be made.

    NB: You do not want to set MaxAuthTries below 2, or otherwise the login procedure fails if it first tries a pubkey and then a password in case you do not have a matching key AND if you have not manually specified the auth method via ssh(1).
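The following is an added example, not code from the post or from SuSEfirewall2 itself. It parses the FW_SERVICES_ACCEPT_EXT entry shown above, reads MaxAuthTries from a constructed sshd_config fragment, and reports the worst-case number of password guesses one source address gets per block window, which is the point rgb makes (hitcount connections times MaxAuthTries attempts each). The iptables rules it prints are an assumption about how such an entry maps onto the netfilter "recent" match, not SuSEfirewall2's actual generated ruleset; verify the real rules on the host with `iptables -L -v -n`. All function names and sample values are constructed for this example.

```shell
#!/bin/sh
# Added example (not part of the original post).
# Entry format, as used on the page:
#   network,protocol,dport,sport,hitcount=N,blockseconds=S,recentname=NAME

# Constructed sample input: the rule from the post.
SAMPLE_RULE="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

# Constructed sshd_config fragment (not a real file). Commented-out
# keywords must be ignored; OpenSSH uses the first uncommented value.
SAMPLE_SSHD_CONFIG='Port 22
#MaxAuthTries 6
MaxAuthTries 4
PasswordAuthentication yes'

# Split one entry into the variables net, proto, dport, sport, hitcount,
# blockseconds and recentname. Options may appear in any order.
parse_accept_entry() {
    entry=$1
    hitcount=""; blockseconds=""; recentname=""
    net=$(printf '%s' "$entry" | cut -d, -f1)
    proto=$(printf '%s' "$entry" | cut -d, -f2)
    dport=$(printf '%s' "$entry" | cut -d, -f3)
    sport=$(printf '%s' "$entry" | cut -d, -f4)
    opts=$(printf '%s' "$entry" | cut -d, -f5-)
    while IFS= read -r opt; do
        case $opt in
            hitcount=*)     hitcount=${opt#hitcount=} ;;
            blockseconds=*) blockseconds=${opt#blockseconds=} ;;
            recentname=*)   recentname=${opt#recentname=} ;;
        esac
    done <<EOF
$(printf '%s\n' "$opts" | tr ',' '\n')
EOF
}

# Effective MaxAuthTries from an sshd_config text on stdin: first
# uncommented setting wins, OpenSSH default of 6 if none is set.
max_auth_tries() {
    val=$(grep -i '^[[:space:]]*MaxAuthTries[[:space:]]' | head -n 1 | awk '{print $2}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '6\n'; fi
}

# Worst-case password guesses one source address can make in one
# blockseconds window: hitcount new connections, MaxAuthTries tries each.
# Prints "unlimited" when the entry carries no hitcount.
guesses_per_window() {
    parse_accept_entry "$1"
    tries=$(printf '%s\n' "$2" | max_auth_tries)
    if [ -z "$hitcount" ]; then printf 'unlimited\n'; return; fi
    printf '%s\n' $((hitcount * tries))
}

# Returns 0 when MaxAuthTries leaves room for a pubkey try followed by a
# password try (rgb's note), 1 when it is set below 2.
check_max_auth_tries() {
    tries=$(max_auth_tries)
    [ "$tries" -ge 2 ]
}

# Assumed iptables equivalent of the entry (approximation, not what
# SuSEfirewall2 really emits): drop the source once it has opened hitcount
# new connections in blockseconds, otherwise record it and accept.
equivalent_iptables_rules() {
    parse_accept_entry "$1"
    if [ -n "$hitcount" ]; then
        printf 'iptables -A INPUT -s %s -p %s --dport %s -m conntrack --ctstate NEW -m recent --name %s --update --seconds %s --hitcount %s -j DROP\n' \
            "$net" "$proto" "$dport" "$recentname" "$blockseconds" "$hitcount"
        printf 'iptables -A INPUT -s %s -p %s --dport %s -m conntrack --ctstate NEW -m recent --name %s --set -j ACCEPT\n' \
            "$net" "$proto" "$dport" "$recentname"
    else
        printf 'iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n' "$net" "$proto" "$dport"
    fi
}

# Report for the constructed inputs above.
parse_accept_entry "$SAMPLE_RULE"
echo "rule: $net $proto/$dport hitcount=$hitcount blockseconds=$blockseconds name=$recentname"
echo "MaxAuthTries: $(printf '%s\n' "$SAMPLE_SSHD_CONFIG" | max_auth_tries)"
echo "worst-case guesses per ${blockseconds}s window from one address: $(guesses_per_window "$SAMPLE_RULE" "$SAMPLE_SSHD_CONFIG")"
printf '%s\n' "$SAMPLE_SSHD_CONFIG" | check_max_auth_tries || echo "warning: MaxAuthTries below 2"
equivalent_iptables_rules "$SAMPLE_RULE"
```

Run it as `sh ratelimit.sh` (any file name). The useful number is the product: the firewall entry caps connections, sshd's MaxAuthTries caps attempts per connection, and an attacker's budget per window is the two multiplied.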