Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 17 December 2024, 08:42:39 am

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Dinamically block ip's
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Dinamically block ip's  (Read 17086 times)
mmiat
Sr. Member
****
Offline Offline

Gender: Male
Posts: 236


WWW
« on: Thursday 09 February 2017, 07:43:10 pm »

hi
my endian firewall has ssh opened to external. the password is strong but I'd like to block an ip after 3 failed access
is it possible?
thanks
Logged

---------------------
IT Consultant
www.fsw.it
Hardware & Software
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Tuesday 21 February 2017, 03:27:15 am »

Limit that SSH as must as you can!!!!

1-You should install fail2ban somehow (never tried on Endian). Fail2ban is the defacto standard for blocking brute force attacks. It works on many services, not only SSH, but it's a bit hard to setup. https://www.fail2ban.org
2-Limit SSH access to some IP ranges, the ones you know you'll connect. Like for example your country, or your ISP/cellphone ISP. Also limit access to only the SSH port.
3-Change your SSH port, just to avoid scanners.
4-As an increased security measure, you can also try 2 factor authentication, SSH works fine with Google Authenticator/FreeOTP. So you'll need the password and a token (from your Android phone) to access it. Yet again, I never installed it on Endian.

I think this should be the optimal security you need to secure SSH properly.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 20 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com