Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 30 September 2023, 01:00:28 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14220 Posts in 4364 Topics by 6439 Members
Latest Member: itss
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Dinamically block ip's
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Dinamically block ip's  (Read 7994 times)
Sr. Member
Offline Offline

Gender: Male
Posts: 236

« on: Thursday 09 February 2017, 07:43:10 pm »

my endian firewall has ssh opened to external. the password is strong but I'd like to block an ip after 3 failed access
is it possible?

IT Consultant
Hardware & Software
Hero Member
Offline Offline

Posts: 495

« Reply #1 on: Tuesday 21 February 2017, 03:27:15 am »

Limit that SSH as must as you can!!!!

1-You should install fail2ban somehow (never tried on Endian). Fail2ban is the defacto standard for blocking brute force attacks. It works on many services, not only SSH, but it's a bit hard to setup. https://www.fail2ban.org
2-Limit SSH access to some IP ranges, the ones you know you'll connect. Like for example your country, or your ISP/cellphone ISP. Also limit access to only the SSH port.
3-Change your SSH port, just to avoid scanners.
4-As an increased security measure, you can also try 2 factor authentication, SSH works fine with Google Authenticator/FreeOTP. So you'll need the password and a token (from your Android phone) to access it. Yet again, I never installed it on Endian.

I think this should be the optimal security you need to secure SSH properly.
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.069 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com