From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephen Samuel
Subject: Re: SSH allow only form selected IP'
Date: Wed, 18 Aug 2004 03:46:28 -0700
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <41233384.7000106@bcgreen.com>
References: <1216.66.189.78.234.1092581976.squirrel@srv01.scriptgods.com> <41209945.40205@lovedthanlost.net> <20040816193418.FA8B.SAVAGE-GARDEN@hanikamail.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <20040816193418.FA8B.SAVAGE-GARDEN@hanikamail.com>
List-Id:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: Kev , linux-admin@vger.kernel.org

Blocking using iptables is easily the most efficient if you're dealing
with a DDoS situation. It blocks at the kernel, so the opening packet
is never accepted and sshd is never called. Any other solution is likely
to require an open connection and a process to deal with things.

I actually can't find a way to get sshd to only allow certain hosts
by IP address. AllowHosts used to work, but seems to be missing from
the most recent sshd_config format.

Kev wrote:
> I did both: I blocked IPs with iptables and I also configured the SSH daemon
> to only allow connections from given IPs.
>
> My server was down like 2-3 times a week due to a DDoS attack or someone
> running an attack on my SSH; now the server seems to be running fine.
>
> Oh yeah, and I also blocked all ICMP communication and only allowed it from
> my IP :)

-- 
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
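
The kernel-level blocking described above, as an added example that is not part of the original message: a shell function that prints an iptables-restore ruleset admitting new SSH connections only from listed sources. The chain name SSH_ALLOW, port 22 and the sample addresses are assumptions, and the `conntrack` match assumes a current iptables build.

```shell
#!/bin/sh
# Added example (not from the original message): build an iptables-restore
# ruleset admitting SSH only from an allowlist, so other sources are dropped
# in the kernel before sshd is involved. Sample addresses are constructed
# documentation ranges (RFC 5737).

# is_ipv4_cidr ADDR: succeeds for a dotted quad with an optional /0-32 prefix.
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allowlist_rules ADDR...: print the ruleset; refuse (status 1, no rules)
# on an empty or malformed list so a typo cannot lock out every admin.
ssh_allowlist_rules() {
    [ $# -gt 0 ] || { echo "refusing: empty allowlist" >&2; return 1; }
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "refusing: bad address $src" >&2; return 1; }
    done
    # Established sessions survive a reload; only new connections are judged.
    printf '%s\n' '*filter' ':SSH_ALLOW - [0:0]' \
        '-A INPUT -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_ALLOW'
    for src in "$@"; do
        printf '%s\n' "-A SSH_ALLOW -s $src -j ACCEPT"
    done
    # Everyone else is dropped in the kernel; sshd is never called.
    printf '%s\n' '-A SSH_ALLOW -j DROP' 'COMMIT'
}

# Print the ruleset for two constructed sources; review it, then load it
# with iptables-restore --noflush.
ssh_allowlist_rules 192.0.2.10 198.51.100.0/24
```

Because the rules are appended, an ACCEPT for port 22 that already sits earlier in INPUT still wins; check with `iptables -S INPUT` before relying on the allowlist.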