LinuxWannabe
08-21-2002, 08:24 PM
On a plain Linux box, how do I stealth port 22 except to trusted IP addresses? I use Bastille and, for example purposes, let's say my IP address is 12.34.56.78. Where and what would I insert in Bastille or elsewhere to deny all access to port 22 except for IP address 12.34.56.78?
Additionally, if port 22 is not stealth, is there a way to block access once someone has failed X password attempts?
Thanks in advance.
ckpeter
08-21-2002, 08:48 PM
You should look into the iptables firewall. Just set up a rule to block any connection coming into port 22 except from the trusted IPs.
As for blocking failed password attempts, I assume you don't want login lockdown (you won't be able to log in as root then). There is no way to block a specific IP after failed password attempts from that IP (at least not that I know of).
Peter
bitserve
08-21-2002, 10:01 PM
Typically, ports reported as "stealth" in user-friendly scanners just mean that the packet was dropped instead of rejected. Those are two different means of denying access with a firewall rule. Dropping the packet is almost always going to be recommended, so as to save on overhead.
When you set up iptables, just make sure you select the proper method for your "stealth" mode.
I also can't think of any easy way to dynamically create a firewall rule based on SSH authentication failures.
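The iptables rule set described in the two replies above (allow tcp/22 from the one trusted address, then drop or reject everything else to that port), as an added example that is not code from any poster in the thread. It assumes the IPv4 filter table, that 12.34.56.78 from the question is the trusted address, and that the rules are printed for review and then piped to a root shell; DROP is the "stealth" variant, REJECT with a TCP reset is the alternative the third post contrasts it with.

```shell
#!/bin/sh
# Added example (not from the original thread): build the iptables rules that
# allow SSH (tcp/22) only from one trusted address and DROP everyone else,
# so a scanner reports the port as "stealth" instead of closed.
# Assumptions: IPv4 filter table, rules appended to INPUT, one trusted address.

# build_ssh_rules TRUSTED_IP [DROP|REJECT]
# Prints the commands instead of executing them, so the result can be
# reviewed (and tested) without root. Apply as root with:
#   build_ssh_rules 12.34.56.78 DROP | sh
build_ssh_rules() {
    trusted="$1"           # e.g. 12.34.56.78 from the question
    mode="${2:-DROP}"      # DROP = silent ("stealth"), REJECT = active refusal
    case "$mode" in
        DROP)   deny="-j DROP" ;;
        REJECT) deny="-j REJECT --reject-with tcp-reset" ;;
        *)      echo "mode must be DROP or REJECT" >&2; return 1 ;;
    esac
    # Rule 1: the trusted address may reach sshd.
    echo "iptables -A INPUT -p tcp --dport 22 -s $trusted -j ACCEPT"
    # Rule 2: every other source hitting port 22 is dropped (or rejected).
    # Order matters: iptables stops at the first matching rule in the chain.
    echo "iptables -A INPUT -p tcp --dport 22 $deny"
}

# Show the "stealth" version for the address used in the question.
build_ssh_rules 12.34.56.78 DROP
```

Run it without arguments first to see the two generated commands; only then pipe the output to a root shell. Because rule 1 is matched before rule 2, the trusted host keeps working while every other address gets no answer at all (DROP) or an immediate reset (REJECT).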
Originally posted by LinuxWannabe
Additionally, if port 22 is not stealth, is there a way to block access once someone has failed X password attempts?
Thanks in advance.
Yes, but it ain't pretty :)
Take the POP-BEFORE-RELAY view: write a Perl script to monitor the logs. Once a failed attempt is reported, the script increases the count for the IP; once it gets to X attempts, the script just adds a firewall rule to block the IP.
BUT you should be warned: not realizing Caps Lock is on, a fat finger, or your spouse on your home PC (for some reason) getting the wrong password could lock you out...
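The log-watching idea from the post above, carried out as an added example that is not code from the thread: it parses sshd "Failed password" lines, counts failures per source address and prints an iptables DROP rule for every address that reached the threshold. It is written in sh/awk rather than the Perl the post mentions, the log lines are constructed for the example (not real traffic), and a never-block address is an added safeguard for exactly the lock-out the post warns about.

```shell
#!/bin/sh
# Added example (not from the original thread): count sshd password failures
# per source IP from log lines on stdin and emit iptables DROP rules once a
# threshold is reached. A never-block address keeps the trusted host (here
# 12.34.56.78, from the question) from locking itself out after a Caps Lock
# accident. Assumptions: OpenSSH-style syslog lines, IPv4 filter table.

# Constructed sample log lines (not real traffic).
SAMPLE_LOG='Aug 21 20:31:02 host sshd[1001]: Failed password for root from 10.1.2.3 port 40001 ssh2
Aug 21 20:31:05 host sshd[1001]: Failed password for root from 10.1.2.3 port 40002 ssh2
Aug 21 20:31:09 host sshd[1002]: Failed password for invalid user admin from 10.1.2.3 port 40003 ssh2
Aug 21 20:32:00 host sshd[1003]: Failed password for alice from 12.34.56.78 port 50000 ssh2
Aug 21 20:32:01 host sshd[1003]: Failed password for alice from 12.34.56.78 port 50000 ssh2
Aug 21 20:32:02 host sshd[1003]: Failed password for alice from 12.34.56.78 port 50000 ssh2
Aug 21 20:32:30 host sshd[1004]: Accepted password for alice from 12.34.56.78 port 50000 ssh2
Aug 21 20:33:00 host sshd[1005]: Failed password for bob from 192.168.9.9 port 60000 ssh2'

# offenders THRESHOLD NEVER_BLOCK_IP  < log lines
# Prints "count ip" for each source with >= THRESHOLD failures, skipping the
# never-block address. Only sshd "Failed password" lines are counted;
# "Accepted password" and unrelated lines are ignored.
offenders() {
    awk -v limit="$1" -v safe="$2" '
        /sshd.*: Failed password for/ {
            # the source address is the field right after the word "from"
            for (i = 1; i < NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END {
            for (ip in n) if (n[ip] >= limit && ip != safe) print n[ip], ip
        }' | sort -k2
}

# block_rules THRESHOLD NEVER_BLOCK_IP  < log lines
# Turns the offender list into iptables commands. They are printed, not run,
# so they can be inspected first; -I puts the block ahead of any ACCEPT rule.
block_rules() {
    offenders "$1" "$2" | while read -r count ip; do
        echo "iptables -I INPUT -p tcp --dport 22 -s $ip -j DROP   # $count failures"
    done
}

# Example run on the constructed log with a threshold of 3: only 10.1.2.3 is
# blocked; 12.34.56.78 also failed three times but is the never-block address.
printf '%s\n' "$SAMPLE_LOG" | block_rules 3 12.34.56.78
```

In use you would feed it the real log (for example `tail -F /var/log/auth.log | block_rules 5 12.34.56.78 | sh` as root, with the path adjusted for your distribution) and keep the same address in the never-block slot as in the port-22 ACCEPT rule, so a typo from the trusted host can never add a DROP rule against it.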