In the past, I've written about the usefulness of
using iptables to limit incoming SSH connections.
Although it isn't a replacement for a good password policy, it at least limits
the ability of outsiders to perform a brute-force password attack on your system.
Now that I've started using Ubuntu more regularly, I've found that
ufw is the recommended way to manage the firewall. The
ufw command to rate-limit incoming SSH connections is
ufw limit 22/tcp. That's it. All done. Note that a limit rule is also an
allow rule: connections that stay under the threshold are accepted, so no
separate "ufw allow 22/tcp" is needed.
Here's some more output.
$ ufw limit 22/tcp
Rule inserted
$ ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere

$ iptables --list ufw-user-input
Chain ufw-user-input (1 references)
target                 prot opt source               destination
                       tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source
ufw-user-limit         tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source
ufw-user-limit-accept  tcp  --  anywhere             anywhere             tcp dpt:ssh
ufw's default is to block new SSH connections from a source IP address once
it has attempted 6 or more connections within the last 30 seconds. The three
rules above implement this with the iptables "recent" match: the first rule
records a hit for every NEW SSH packet, the second sends the packet to
ufw-user-limit (which logs it and rejects the connection) when the source has
6 or more hits in the 30-second window, and the third accepts everything else.
If you feel this is too generous, ufw itself offers no option to tune the
thresholds. From what I can tell, these options are hardcoded into the Python
library. Rather than stop using ufw, you can write your own pair of "-m recent"
rules with a different --seconds and --hitcount into /etc/ufw/before.rules,
which ufw loads ahead of the user chain, and simply not use "ufw limit" for
that port.
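To make the 6-in-30-seconds behaviour concrete, here is an added example that is not from the original post or from ufw: a small Python model of how the iptables "recent" match accounts for hits, walked through the three rules shown above. The source address 203.0.113.5 and the timings are constructed sample data. It models the kernel's xt_recent logic as I understand it (the --set rule always records a hit; the --update rule counts hits newer than now minus --seconds and, when it matches, records the current packet as a further hit), which is what makes a client that keeps hammering stay blocked while one that backs off for 30 seconds gets back in.

```python
"""Model of the iptables 'recent' match behind `ufw limit 22/tcp`.

The three rules ufw installs in ufw-user-input for NEW SSH packets are:
  1. -m recent --set                                 (record a hit, no target)
  2. -m recent --update --seconds 30 --hitcount 6    -> ufw-user-limit (log + REJECT)
  3. -j ACCEPT                                       (ufw-user-limit-accept)
This toy reproduces the xt_recent hit-window accounting so the effect of the
seconds/hitcount thresholds can be seen without touching a real firewall.
It is an illustration written for this page, not ufw's or the kernel's code.
"""
from collections import deque

RING = 20  # xt_recent keeps at most ip_pkt_list_tot (default 20) stamps per source


class RecentTable:
    """Per-source ring of packet timestamps, as kept by xt_recent."""

    def __init__(self):
        self.stamps = {}  # source -> deque of timestamps in seconds

    def set(self, src, now):
        """--set: record a hit for src (creating the entry if needed); always matches."""
        self.stamps.setdefault(src, deque(maxlen=RING)).append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: match if src has at least N hits
        newer than now - S. A match also records the current packet as a hit,
        which is what keeps a persistent client locked out."""
        ring = self.stamps.get(src)
        if ring is None:
            return False
        hits = sum(1 for t in ring if t > now - seconds)
        if hits >= hitcount:
            ring.append(now)
            return True
        return False


def ufw_limit_chain(attempts, seconds=30, hitcount=6):
    """Walk NEW connection attempts [(time, src), ...] through the three rules
    and return the verdict for each: 'ACCEPT' or 'REJECT' (via ufw-user-limit)."""
    table = RecentTable()
    verdicts = []
    for now, src in attempts:
        table.set(src, now)                               # rule 1: always records
        if table.update(src, now, seconds, hitcount):     # rule 2: over threshold?
            verdicts.append("REJECT")
        else:
            verdicts.append("ACCEPT")                     # rule 3
    return verdicts


# Constructed sample: one source tries SSH once a second for ten seconds,
# pauses, then retries at t=35 and t=40.
BURST = [(t, "203.0.113.5") for t in range(10)]
LATER = [(35, "203.0.113.5"), (40, "203.0.113.5")]


if __name__ == "__main__":
    for (t, src), v in zip(BURST + LATER, ufw_limit_chain(BURST + LATER)):
        print(f"t={t:>3}s {src} -> {v}")
```

Running it shows attempts 1 to 5 accepted and the 6th onward rejected. The retry at t=35 is still rejected even though the accepted attempts are more than 30 seconds old, because every rejected attempt added hits of its own; only at t=40, once 30 seconds have passed since the last attempt, is the client accepted again. Passing different seconds/hitcount values to ufw_limit_chain shows what a hand-written rule in /etc/ufw/before.rules with tighter thresholds would do.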