[Request] Adding a ban fonctionnality to SSH

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
mathieubzh

[Request] Adding a ban fonctionnality to SSH

Post by mathieubzh »

Hi Fourdee!

I have a new sudgestion/idea :D

Can you add a bannish system to the distrib to ban a connexion ssh like fail2ban or similary?
Actually i have install the package fail2ban.

there are many options but i haven't modify any of them.

Mathiou
User avatar
Fourdee
Site Admin
Posts: 2787
Joined: Tue Feb 06, 2007 1:36 pm

Re: [Request] Adding a ban fonctionnality to SSH

Post by Fourdee »

mathieubzh wrote:Hi Fourdee!

I have a new sudgestion/idea :D

Can you add a bannish system to the distrib to ban a connexion ssh like fail2ban or similary?
Actually i have install the package fail2ban.

there are many options but i haven't modify any of them.

Mathiou
Hi Mathiou,

I've only had a quick look, but Fail2ban looks interesting. The only downside of fail2ban is that it requires webserver access logging to function. This could further reduce the performance of all webserver stacks, especially when using "Full" rsyslog/logrotate logging mode.

I'll take a indepth look into fail2ban in the near future.

Edit, updated ssh method:

If your only looking to control who connects to your SSH server, try the following:
- use dietpi-software to change your SSH server to OpenSSH
- edit /etc/ssh/sshd_config
- Uncomment the line #ListenAddress 192.168.0.10
- Change the IP address to the IP of your RPi device.
- Save, exit and restart ssh. service ssh restart

eg: my RPi has the IP address of 192.168.0.100:

Code: Select all

ListenAddress 192.168.0.100
Further information and methods on limiting SSH server connections is here: http://askubuntu.com/questions/115940/h ... al-network
If you find our project or support useful, then we’d really appreciate it if you’d consider contributing to the project however you can.
Donating is the easiest – you can use PayPal or become a DietPi patron.
DietPirate

Re: [Request] Adding a ban fonctionnality to SSH

Post by DietPirate »

You can also use iptables to only allow ssh connections from specific ip addresses
Post Reply