How to block some ip / domain, if I found they were trying illegally ssh to my machine?...
  1. #1
    Just Joined!
    Join Date
    Aug 2005
    Posts
    40

    block some ip -illegal try by ssh


    How to block some IP / domain, if I found they were illegally trying to ssh to my machine?

  2. #2
    Linux Guru Vergil83's Avatar
    Join Date
    Mar 2004
    Posts
    2,407
    With route you can
    Code:
    /sbin/route add -host ip_address reject
    Man Route

    With iptables you can
    Code:
    iptables -I INPUT -s ip_address -j DROP
    Man Iptables
    Brilliant Mediocrity - Making Failure Look Good

  3. #3
    Just Joined!
    Join Date
    Aug 2005
    Posts
    40
    1. Thanks, it works.

    2. How to restrict
    a) some users using ssh login
    b) some users using telnet login
    c) block other services except dns, ftp, www, ssh - They are for temporary use. After I go through the details, I will configure them for my purpose. I want to do something at this moment.

    3. Drop me some links for iptables you recommend.

  4. #4
    Linux Enthusiast
    Join Date
    Aug 2005
    Location
    Hell
    Posts
    514
    Quote Originally Posted by sf433
    How to restrict some users using ssh login
    Perhaps use the "DenyUsers" option in your /etc/ssh/sshd_config (see "man sshd_config")?

    Also as a side note, if someone hacked into your computer, perhaps you should run the chkrootkit and rkhunter programs to check for rootkits.

  5. #5
    Linux Newbie
    Join Date
    Aug 2005
    Posts
    213
    Hi, just wanted to ask a quick question here...

    How will I come to know that someone is hooked to my PC or is trying to hook using ssh / telnet?
    Cool Surfer - Registered linux user #397629

  6. #6
    Linux Newbie deek's Avatar
    Join Date
    Mar 2005
    Location
    Fort Wayne, IN
    Posts
    248
    You can always check your access logs, which will list every attempt to login through ssh or telnet...

    If you have sshd running, I would probably disable telnet and close that port on your router...
    Join the Open Source Revolution. Support GNU/Linux.

    Find me at: www.deeksworld.com
    Registered GNU/Linux User #395777

  7. #7
    Linux Newbie
    Join Date
    Aug 2005
    Posts
    213
    Any visual firewall thing?! Like ZoneAlarm etc. in Windows.
    Cool Surfer - Registered linux user #397629

  8. #8
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    Another option is tcp wrappers. If you're launching sshd via the inetd server, you can modify allowed / blocked networks using /etc/hosts.allow and /etc/hosts.deny. If you're launching sshd via xinetd I believe each service has its own file (rather than a general file with many entries like inetd uses).

  9. #9
    Linux Guru loft306's Avatar
    Join Date
    Oct 2003
    Location
    The DairyLand
    Posts
    1,666
    Quote Originally Posted by sf433
    1. Thanks, it works.

    2. How to restrict
    a) some users using ssh login
    b) some users using telnet login
    c) block other services except dns, ftp, www, ssh - They are for temporary use. After I go through the details, I will configure them for my purpose. I want to do something at this moment.

    3. Drop me some links for iptables you recommend.
    Just don't allow root login and 90% of the problem is gone!

    And in the sshd config file you can allow only certain users to log in with ssh.

    You can also switch authentication to a private 'key' and only the approved users are given that key, instead of using their user password!
    ~Mike ~~~ Forum Rules
    Testing? What's that? If it compiles, it is good, if it boots up, it is perfect. ~ Linus Torvalds
    http://loft306.org

  10. #10
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    How will I come to know that someone is hooked to my PC or is trying to hook using ssh / telnet?
    What distro? As was mentioned, /var/log/messages (for SuSE anyway) contains your SuSEfirewall2 messages along with accepted and failed logins.

    You can use
    Code:
    w
    to see who is doing what on your system.

    You can use
    Code:
    netstat -atun
    to look at active and listening ports.
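
Added example (not part of any post in this thread): a Python sketch of the log check suggested in the replies, counting failed sshd password attempts per source address and printing the `iptables` rule from post #2 for repeat sources. The log lines are constructed; the `Failed password ... from <ip> port <n> ssh2` line format and the threshold of 3 are assumptions to adjust to your own log.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the assumed OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Aug 14 03:12:01 host sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Aug 14 03:12:03 host sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Aug 14 03:12:06 host sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Aug 14 03:15:40 host sshd[2230]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
Aug 14 03:20:09 host sshd[2251]: Failed password for alice from 192.0.2.10 port 51600 ssh2
Aug 14 03:21:00 host sshd[2260]: Failed password for invalid user x from 10.0.0.1 from 198.51.100.23 port 2222 ssh2
"""

# The user name is text supplied by the client, so the address is taken from the
# fixed tail of the line ("from <ip> port <n> ssh2"), never from the first "from".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$"
)

def failed_sources(log_text):
    """Return a Counter of failed password attempts keyed by IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # reject anything that is not an address
        except ValueError:
            continue
        if ip.version == 4:  # iptables handles IPv4 only; IPv6 would need ip6tables
            counts[str(ip)] += 1
    return counts

def block_commands(counts, threshold=3):
    """Build (not run) the DROP rule from post #2 for sources at or above threshold."""
    return [f"iptables -I INPUT -s {ip} -j DROP"
            for ip, n in sorted(counts.items()) if n >= threshold]

if __name__ == "__main__":
    counts = failed_sources(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{n:3d} failed attempts from {ip}")
    print("\n".join(block_commands(counts)))
```

The script only prints the rules so they can be reviewed before being applied; a single mistyped password from a legitimate user (192.0.2.10 in the sample) stays below the threshold.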
