
Securing ssh by iptables rules


I secured my SSH server in a simple way: with iptables rules that block attackers. I set up iptables so that it accepts only one TCP SYN packet to the SSH port per minute from any one IP address. Together with an additional sshd setting (below), this allows one login attempt per minute per address.
iptables rules:

Another example, with these iptables rules:

This variant allows up to three new connections per hour from one address. The hashlimit match is a token bucket: each address starts with three credits (the burst) and earns one more every 20 minutes (3/hour), so once the three are spent, further SYNs from that address are dropped until a credit has been refilled. Note that --hashlimit-htable-expire 600000 is not a penalty timer: it is the idle time (10 minutes, in milliseconds) after which an address's entry is removed from the table. An address that keeps retrying refreshes its entry on every packet, dropped or not, and stays blocked; an address that stays quiet for 10 minutes is forgotten and starts again with a fresh burst of three.
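The rule listings referred to above did not survive on this page, so here is an added example, not the author's original ruleset: a small POSIX shell generator that prints the iptables commands for both variants described (one SYN per minute per source, and three per hour with a 10-minute table expiry). The function name `gen_ssh_syn_limit`, the hashlimit table name `ssh-<port>`, the logging rule and the accompanying ESTABLISHED rule are my assumptions; the script only prints the commands, and nothing is applied until the output is piped into a root shell.

```shell
#!/bin/sh
# Added example, not the original post's ruleset: print iptables commands that
# rate-limit new SSH connections per source address with the hashlimit match.
# Nothing is applied until the output is piped into a root shell.
#
# gen_ssh_syn_limit PORT RATE BURST [EXPIRE_MS]
#   PORT       port sshd listens on
#   RATE       token refill rate per source, e.g. 1/minute or 3/hour
#   BURST      SYNs a previously quiet source may send before it runs dry
#   EXPIRE_MS  optional --hashlimit-htable-expire: idle time after which the
#              source's entry is forgotten (iptables default: one unit of RATE)
gen_ssh_syn_limit() {
    port=$1; rate=$2; burst=$3; expire=${4:-}
    expire_opt=""
    if [ -n "$expire" ]; then
        expire_opt=" --hashlimit-htable-expire $expire"
    fi
    # Packets of sessions already open are accepted first, so the limiter only
    # ever sees the SYN that starts a new connection.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # A SYN is accepted while the source still has credit in its bucket; the
    # bucket starts with BURST credits and refills at RATE.
    echo "iptables -A INPUT -p tcp --dport $port --syn" \
         "-m hashlimit --hashlimit-name ssh-$port --hashlimit-mode srcip" \
         "--hashlimit-upto $rate --hashlimit-burst $burst$expire_opt -j ACCEPT"
    # Every other SYN to the port is logged (the log itself rate-limited so an
    # attacker cannot flood syslog) and then dropped.
    echo "iptables -A INPUT -p tcp --dport $port --syn" \
         "-m limit --limit 6/minute -j LOG --log-prefix \"ssh-ratelimit: \""
    echo "iptables -A INPUT -p tcp --dport $port --syn -j DROP"
}

# Variant 1, matching the post's first description: one SYN per minute per source.
#   gen_ssh_syn_limit 22 1/minute 1 | sudo sh
# Variant 2, matching the second: three per hour, entry forgotten after
# 10 minutes (600000 ms) without any packet from that source.
#   gen_ssh_syn_limit 22 3/hour 3 600000 | sudo sh
# Run on its own, the script only prints variant 1 for inspection.
[ -n "${NO_MAIN:-}" ] || gen_ssh_syn_limit "${SSH_PORT:-22}" 1/minute 1
```

Two caveats for legitimate users: with 1/minute and a burst of 1, a lost first SYN that the client retransmits is dropped too, and tools that open several SSH connections in a row (scp loops, git, Ansible) will hit the limit; `ControlMaster`/`ControlPersist` on the client side, or a larger burst, avoids that. Verify the result with `iptables -L INPUT -v -n`; the per-address state lives in `/proc/net/ipt_hashlimit/ssh-22` while the rule exists.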

/etc/ssh/sshd_config – this part is important: with this setting, sshd closes the connection after a failed authentication, so the attacker has to open a new SSH connection (and therefore a new TCP connection) for the next try. That new SYN packet is exactly what the iptables rule counts.

You can check which addresses are currently blocked:
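The sshd_config snippet and the check command are also missing from this page, so here is an added example of both, not the author's own snippets. It assumes the directive the post relies on is `MaxAuthTries 1` (the page names none), adds `LoginGraceTime 30` as a further assumption, and reads the per-address state from the hashlimit table `/proc/net/ipt_hashlimit/ssh-22`, a table name I chose; the line format it parses is the kernel's IPv4 output for that file, and the sample table in the test is constructed. Function names `sshd_set_option` and `hashlimit_blocked` are mine.

```shell
#!/bin/sh
# Added example, not the post's own snippets: (1) set the sshd_config directive
# that makes sshd drop a connection after one failed authentication, and
# (2) list the source addresses the hashlimit rule is currently dropping.

# sshd_set_option FILE KEY VALUE
# Replace the first copy of KEY in FILE (commented out or not, any case), or
# put "KEY VALUE" at the top when it is absent. It goes at the top rather than
# the end because a directive placed after a "Match" block belongs to that
# block only.
sshd_set_option() {
    f=$1; key=$2; val=$3
    tmp="$f.new.$$"
    if grep -qiE "^[[:space:]]*#?[[:space:]]*$key([[:space:]=]|\$)" "$f"; then
        awk -v key="$key" -v val="$val" '
            !done && tolower($0) ~ ("^[ \t]*#?[ \t]*" tolower(key) "([ \t=]|$)") {
                print key " " val; done = 1; next
            }
            { print }' "$f" > "$tmp"
    else
        { printf '%s %s\n' "$key" "$val"; cat "$f"; } > "$tmp"
    fi
    mv "$tmp" "$f"
}

# hashlimit_blocked TABLE_FILE
# TABLE_FILE is /proc/net/ipt_hashlimit/<name> for the name given with
# --hashlimit-name (assumed ssh-22 below). The kernel prints one line per
# tracked source (IPv4 form):
#   <seconds until entry expires> <src>:<sport>-><dst>:<dport> <credit> <credit_cap> <cost>
# A SYN is accepted only while credit >= cost, so credit < cost means the
# address is being dropped right now.
hashlimit_blocked() {
    awk '$3 < $5 {
            split($2, ep, ":")
            printf "%s blocked (entry expires in %ss)\n", ep[1], $1
         }' "$1"
}

# Usage when run directly as root (the case statement does nothing without an
# argument):
#   sh ssh_harden.sh config    # MaxAuthTries 1 + LoginGraceTime 30, then run sshd -t
#   sh ssh_harden.sh blocked   # who the ssh-22 hashlimit table is dropping now
case "${1:-}" in
    config)
        sshd_set_option /etc/ssh/sshd_config MaxAuthTries 1
        sshd_set_option /etc/ssh/sshd_config LoginGraceTime 30
        ;;
    blocked)
        hashlimit_blocked /proc/net/ipt_hashlimit/ssh-22
        ;;
esac
```

Run `sshd -t` before restarting sshd, and keep in mind that with `MaxAuthTries 1` every rejected public key offer counts as the one failure: a client whose agent holds several keys gets "Too many authentication failures" on the first try unless it uses `IdentitiesOnly yes` or `-i` to offer only the right key. The proc file only exists while the hashlimit rule is loaded; IPv6 rules keep theirs under `/proc/net/ip6t_hashlimit/`, with a different address format this parser does not handle.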

These rules greatly reduced the strength of the attacks on my SSH server.

Please test this first while you still have another way to reach the server (a console or a second, already open session): a mistake in these rules can lock you out.