Backend / DevOps / Architect
Brit by birth,
located worldwide

All content © Alex Shepherd 2008-2024
unless otherwise noted

Modifying the SSH ban list.

Published 16 years ago
1 min read
image
Image Credit: D4m1en

Hi everybody!

How many times have you locked yourself out of your remote server by being too quick for your own good? My servers are all set to ban an IP after 3 connection attempts within a minute, so it happens quite regularly that I lock myself out.

The list of banned IPs is stored in /proc/net/ipt_recent. There are a couple of commands this 'file' understands...

To see what IPs are currently banned, use:

cat /proc/net/ipt_recent/BAN_LIST_NAME).

To remove an IP from the list use:

echo "-xxx.xxx.xxx.xxx" > /proc/net/ipt_recent/BAN_LIST_NAME

To add a suspicious or known bad IP:

echo "+xxx.xxx.xxx.xxx" >; /proc/net/ipt_recent/BAN_LIST_NAME

To remove all entries (not really a very good idea):

echo "clear" > /proc/net/ipt_recent/BAN_LIST_NAME

That's all for now.

n00b