[arm-allstar] fail2ban

David McGough kb4fxc at inttek.net
Fri Mar 27 10:24:22 EDT 2020


Hi Wayne,

asterisk and ssh are two completely different and unrelated applications.  
So, I assume that what you're really asking is: I want to control
attempted ssh access to my Raspberry Pi, where I also run asterisk.

I run fail2ban on a lot of systems and it can be a serious resource hog,
particularly if/when a system is under attack. So, I do NOT typically
recommend fail2ban for HamVoIP RPi installs; particularly when you're just 
trying to control ssh access.

The better and very simple solution takes only 2 steps. First, HIDE ssh on 
an obscure port. For example, use port 9876 for ssh. DO NOT use ANY port 
ending with 22. So, don't use port 22, 222, 2222, 8822, etc.

Second, add iptables rate limit rules. These rules will block connections 
to ssh (or any configured TCP port) if too many connections are attempted 
in a defined time window.  Here are example iptables rules for port 9876 
which should help you get started:

# Record every new connection attempt to the ssh port in the "recent" list
iptables -A INPUT -p tcp --dport 9876 -m conntrack --ctstate NEW -m recent --set

# Log, then drop, any source that has made 5 or more new attempts within 180 seconds
iptables -A INPUT -p tcp --dport 9876 -m conntrack --ctstate NEW -m recent --update --seconds 180 --hitcount 5 -j LOG --log-prefix "IPTables Dropped: " --log-level 4

iptables -A INPUT -p tcp --dport 9876 -m conntrack --ctstate NEW -m recent --update --seconds 180 --hitcount 5 -j DROP

# Anything below the limit is accepted
iptables -A INPUT -p tcp --dport 9876 -j ACCEPT


Personally, I would simply try hiding ssh as a first step, without 
installing the rate limit iptables rules. I think you'll find simply using 
an obscure port is sufficient.


73, David KB4FXC
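
The following is an added example, not code from David's post or from the HamVoIP project: a small POSIX shell helper that packages the two steps above (move sshd to an obscure port, then rate limit new connections to that port with the conntrack and recent matches). It keeps the post's values (port 9876, a 180 second window, 5 attempts) and refuses any port ending in "22", as the post advises. Assumed: iptables with the conntrack and recent modules available, sshd reading /etc/ssh/sshd_config, and a system where appending to INPUT with -A is appropriate (on a firewall that already ends INPUT with a general DROP or REJECT, insert these rules above it with -I instead).

```shell
#!/bin/sh
# Added example (not from the list post): helper for the two-step setup the
# reply describes. Assumptions: iptables with the conntrack and recent match
# modules; sshd_config at /etc/ssh/sshd_config. The port, window and hit
# count below are the values given in the post.

SSH_PORT="${SSH_PORT:-9876}"
WINDOW_SECONDS=180
HIT_COUNT=5
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"

# Return 0 if the port is a number in 1..65535 that does not end in "22"
# (22, 222, 2222, 8822 and so on are the ports the post says to avoid).
port_ok() {
    p="$1"
    case "$p" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    case "$p" in
        *22) return 1 ;;
    esac
    return 0
}

# Print the four INPUT-chain rules for a port, one per line, in the order
# they must be appended: record the new attempt, log then drop sources that
# exceed HIT_COUNT attempts within WINDOW_SECONDS, otherwise accept.
ratelimit_rules() {
    port="$1"
    port_ok "$port" || { echo "bad port: $port" >&2; return 1; }
    m="-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -m recent"
    printf '%s\n' \
      "iptables $m --set" \
      "iptables $m --update --seconds $WINDOW_SECONDS --hitcount $HIT_COUNT -j LOG --log-prefix \"IPTables Dropped: \" --log-level 4" \
      "iptables $m --update --seconds $WINDOW_SECONDS --hitcount $HIT_COUNT -j DROP" \
      "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
}

# The sshd_config directive that moves ssh off port 22.
sshd_port_line() {
    port_ok "$1" || return 1
    printf 'Port %s\n' "$1"
}

# Apply the rules (root only). Each rule is first tried as a -C check so that
# re-running the script does not append duplicate rules.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    ratelimit_rules "$1" | while IFS= read -r rule; do
        check=$(printf '%s' "$rule" | sed 's/ -A INPUT / -C INPUT /')
        eval "$check" 2>/dev/null || eval "$rule"
    done
}

# Rewrite (or add) the Port directive in sshd_config; restart sshd afterwards
# and confirm the new port works before closing the old session.
set_sshd_port() {
    [ "$(id -u)" -eq 0 ] || { echo "set_sshd_port: must run as root" >&2; return 1; }
    line=$(sshd_port_line "$1") || return 1
    if grep -q '^[#[:space:]]*Port[[:space:]]' "$SSHD_CONFIG"; then
        sed -i "s/^[#[:space:]]*Port[[:space:]].*/$line/" "$SSHD_CONFIG"
    else
        printf '%s\n' "$line" >> "$SSHD_CONFIG"
    fi
}

# Usage: sh ssh-ratelimit.sh --print   (show the rules)
#        sh ssh-ratelimit.sh --apply   (as root: edit sshd_config, load rules)
case "${1:-}" in
    --print) ratelimit_rules "$SSH_PORT" ;;
    --apply) set_sshd_port "$SSH_PORT" && apply_rules "$SSH_PORT" ;;
esac
```

Two points worth knowing when using this: the recent module counts per source address and the rules as written use its default list, so a `--name` argument is needed if you rate limit more than one port; and because the ACCEPT rule is the last of the four, the order they are loaded in is what makes the limit work, which is why the script appends them in sequence and checks each one before adding it.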



On Fri, 27 Mar 2020, "Wayne Jauss via ARM-allstar" wrote:

> When I ran asterisk long ago I used fail2ban to lock out failed ssh
> logins. It made me feel better that I was doing something to lower my
> risk. Can I use fail2ban with the current version of asterisk? If so,
> how?
>
> Wayne Jauss / N6TBQ