Wednesday, October 14, 2009

Securing a machine from any kind of SSH access

First check whether your machine is set to accept all SSH connections under the IPTABLES rules.

# iptables -L INPUT --line-numbers|grep ssh
[will list all the rules applied to the incoming traffic over SSH]
Try to locate the following entry [if it exists in the list shown]
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
Remove this entry, as it is defined to accept all incoming traffic over SSH. Here is how.
Pick the row number of the entry [the first column; say it is the 4th], and then list it using
# iptables -L INPUT 4
and then delete it using
# iptables -D INPUT 4
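Now, to stop SSH to your machine, run the following commands. -A appends each rule to the end of the chain, which is why the ACCEPT entry above has to be removed first.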
# iptables -A INPUT -p UDP --dport 22 -j REJECT
# iptables -A INPUT -p TCP --dport 22 -j REJECT
Save the rules.
# service iptables save
Restart the service.
# service iptables restart
All this could also have been done by just shutting down the SSH service, but the idea was to try my hand at IPTABLES.
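
When more than one rule accepts SSH, deleting by row number is error-prone because the remaining rules are renumbered after every delete. The script below is an added example, not part of the original post: it reads a listing in the format of `iptables -L INPUT --line-numbers` and prints the delete commands highest row number first. The listing embedded in it is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. It only prints commands; it never calls iptables itself.

# Print the row number of every rule that ACCEPTs TCP traffic to the SSH port.
# Matches both the named form (dpt:ssh) and the numeric form shown with -n
# (dpt:22), but not other ports that merely start with 22, such as dpt:2222.
find_ssh_accept_rules() {
    awk '$1 ~ /^[0-9]+$/ && $2 == "ACCEPT" && $3 == "tcp" &&
         /dpt:(ssh|22)([^0-9]|$)/ { print $1 }'
}

# Turn those row numbers into delete commands, highest number first, so that
# removing one rule does not shift the number of a rule still to be removed.
delete_commands() {
    find_ssh_accept_rules | sort -rn | while read -r n; do
        echo "iptables -D INPUT $n"
    done
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere
3    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
4    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
5    ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:22
6    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2222
EOF
}

# On a real machine: iptables -L INPUT --line-numbers | delete_commands
sample_listing | delete_commands
```

Review the printed commands before running them, and list the chain again afterwards to confirm that no rule accepting SSH is left.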


