[Request] Adding a ban functionality to SSH

Hi Fourdee!

I have a new suggestion/idea :smiley:

Can you add a ban system to the distro to ban SSH connections, like fail2ban or similar?
Actually, I have installed the fail2ban package.

There are many options, but I haven’t modified any of them.

Mathiou

Hi Mathiou,

I’ve only had a quick look, but Fail2ban looks interesting. The only downside of fail2ban is that it requires webserver access logging to function. This could further reduce the performance of all webserver stacks, especially when using “Full” rsyslog/logrotate logging mode.

I’ll take an in-depth look into fail2ban in the near future.

Edit, updated ssh method:

If you’re only looking to control who connects to your SSH server, try the following:

  • use dietpi-software to change your SSH server to OpenSSH
  • edit /etc/ssh/sshd_config
  • Uncomment the line #ListenAddress 192.168.0.10
  • Change the IP address to the IP of your RPi device.
  • Save, exit and restart ssh: service ssh restart

eg: my RPi has the IP address of 192.168.0.100:

ListenAddress 192.168.0.100

Further information and methods for limiting SSH server connections are here: http://askubuntu.com/questions/115940/how-can-i-setup-ssh-so-that-it-is-restricted-to-my-local-network

You can also use iptables to only allow SSH connections from specific IP addresses.
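
The ListenAddress steps from the reply above, as an added example (not part of the original posts and not DietPi's own code): a shell function that applies the edit to an sshd_config-style file and leaves exactly one active ListenAddress. The function names and the sample file are constructed for illustration; the demo only touches a temporary file.

```shell
#!/bin/sh
# Added example: pin sshd to one IPv4 ListenAddress in an sshd_config-style file.

is_ipv4() {  # dotted quad, each octet 0-255
    echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++)
        if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 } { exit 1 }'
}

set_listen_address() {  # usage: set_listen_address FILE IPV4
    file=$1; ip=$2
    is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }
    tmp=$(mktemp) || return 4
    # The first ListenAddress line (commented or not) becomes the new value; any
    # other active ListenAddress is commented out, since sshd binds every one listed.
    if awk -v ip="$ip" '
        tolower($0) ~ /^[ \t]*#?[ \t]*listenaddress[ \t]/ {
            if (!done) { print "ListenAddress " ip; done = 1; next }
            if ($0 !~ /^[ \t]*#/) { print "#" $0; next }
        }
        { print }
        END { if (!done) print "ListenAddress " ip }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
    then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

active_listen_addresses() {  # print the value of every uncommented ListenAddress
    awk 'tolower($1) == "listenaddress" { print $2 }' "$1"
}

make_sample_config() {  # constructed sample input, written to a temp file
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
Port 22
#ListenAddress 192.168.0.10
#ListenAddress ::
ListenAddress 10.0.0.5
PermitRootLogin no
EOF
    echo "$f"
}

# Demo on the constructed sample; never edits /etc/ssh/sshd_config.
cfg=$(make_sample_config)
set_listen_address "$cfg" 192.168.0.100 && active_listen_addresses "$cfg"
rm -f "$cfg"
```

On a real device, run `sshd -t` to check the edited configuration before `service ssh restart`, so a typo does not cut off access to a headless board.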