Protect your SSH server against brute-force attacks

August 2017




Intro

  • SSH lets you access your files remotely, and even use or manage a computer remotely. But how do you protect yourself against brute-force attacks?
  • (A brute-force attack tests all combinations of letters to find the password.)
  • It's simple:
  • sudo aptitude install fail2ban
  • If someone makes 6 failed attempts to connect to the SSH server, their IP address will be banned for 10 minutes.
  • This is sufficient to defeat such an attack.
  • To see the actions of the program, run:
  • sudo cat /var/log/fail2ban.log

Advanced use of Fail2ban

  • Fail2ban can be configured to do many other things.
  • In principle, it monitors the log files of your choice, and then triggers actions.
  • In the case of SSH, it monitors /var/log/auth.log and runs the iptables command to ban IP addresses.
  • Open the file /etc/fail2ban/jail.conf
  • It already contains the lines to block attacks on FTP servers (vsftpd, wuftpd, proftpd ...), Postfix, Apache ...

You can start by replacing enabled=false with enabled=true.


Published by jak58. Latest update on April 17, 2013 at 08:33 AM by deri58.
This document, titled "Protect your SSH server against brute-force attacks," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).