In Iptables you can keep port 22 closed until needed, opening it first by telnetting to a higher port, say 5500, and Iptables just giving access to this IP. If you want to close it again you can telnet back in on another assigned port, say 5501, thus closing the ssh port to that IP.
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m recent --rcheck --name SSH -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5500 -m recent --name SSH --set -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5501 -m recent --name SSH --remove -j DROP
Thanks, Patrick.
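The same three-rule scheme written out as a complete, self-contained rule set, as an added example (this is not Patrick's configuration or anything from the thread). It keeps his ports (5500 opens, 5501 closes, list name SSH) and adds two things a practitioner would want: a --seconds window so a knock expires on its own if the "close" knock is never sent, and an explicit ESTABLISHED,RELATED rule so the ssh session survives the knock entry being removed or expiring. The chain name KNOCK-INPUT, the 300-second window and the script's option names are assumptions. The function only prints iptables-restore syntax; it never touches the running firewall.

```shell
#!/bin/sh
# Added example: port knocking with the iptables "recent" match.
# Ports 5500/5501 and the list name SSH come from the thread; the chain
# name KNOCK-INPUT and the 300 s window are constructed for this example.

PK_SSH_PORT=22
PK_OPEN_PORT=5500      # a SYN here adds the source IP to the SSH list
PK_CLOSE_PORT=5501     # a SYN here removes the source IP from the SSH list
PK_WINDOW=300          # seconds a knock stays valid (assumed value)

# Print the rule set in iptables-restore format (filter table only).
# Order matters: the close rule sits above the open rule so that a close
# knock can never be misread as an open, and the final DROP on port 22
# catches sources that have not knocked.
knock_rules() {
    cat <<EOF
*filter
:KNOCK-INPUT - [0:0]
-A INPUT -j KNOCK-INPUT
-A KNOCK-INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A KNOCK-INPUT -p tcp --syn --dport $PK_CLOSE_PORT -m recent --name SSH --remove -j DROP
-A KNOCK-INPUT -p tcp --syn --dport $PK_OPEN_PORT -m recent --name SSH --set -j DROP
-A KNOCK-INPUT -p tcp --syn --dport $PK_SSH_PORT -m recent --name SSH --rcheck --seconds $PK_WINDOW -j ACCEPT
-A KNOCK-INPUT -p tcp --syn --dport $PK_SSH_PORT -j DROP
COMMIT
EOF
}

# Number of rules in the knock chain, for a quick sanity check.
knock_rule_count() {
    knock_rules | grep -c '^-A KNOCK-INPUT'
}

# Invoked directly: print the rules so they can be reviewed before loading.
if [ "${1:-}" = "--print" ]; then
    knock_rules
fi
```

Review the output with `sh knock.sh --print`, syntax-check it with `sh knock.sh --print | iptables-restore --test`, and only then load it; note that loading a `*filter` block with plain `iptables-restore` replaces the existing filter table, so merge it into your full rule file rather than applying it in isolation. The knock itself is just a SYN to the open port (the thread uses telnet); nothing needs to answer, which is why both knock rules end in DROP.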
Moving sshd from port 22 to port 137, 138 or 139. Nasty eh?
Don't do that! Lots of (access) ISPs around the world (esp. here in Europe) block those ports.
If you're going to move sshd somewhere else, port 443 is a fine choice. Rarely blocked, rarely probed by ssh kiddies. It's probed all the time by malicious web spiders, but since you're not a web server, you don't care.
R's, John
On 11/16/05, Patrick Lynchehaun <plynchehaun@servecentric.com> wrote:
> In Iptables you can keep port 22 closed until needed, opening it first by telnetting to a higher port, say 5500, and Iptables just giving access to this IP. If you want to close it again you can telnet back in on another assigned port, say 5501, thus closing the ssh port to that IP.
Yup. AKA "port knocking", which I think someone did mention upthread.
participants (2)
- Patrick Lynchehaun
- Suresh Ramasubramanian