Protect your SSH server against brute-force attacks

December 2016




Intro

  • SSH lets you access your files remotely, and even use or manage a computer remotely. But how do you protect yourself against brute-force attacks?
  • (That is, attacks that test all combinations of letters to find the password.)
  • It's simple:
  • sudo aptitude install fail2ban 
  • If someone makes 6 failed attempts to connect to the SSH server, their IP address will be banned for 10 minutes.
  • This is sufficient to thwart such an attack.
  • To see what the program has done, run:
  • sudo cat /var/log/fail2ban.log

Advanced use of Fail2ban

  • Fail2ban can be configured to do many other things.
  • In principle, it monitors the log files of your choice, and then triggers actions.
  • In the case of SSH, it monitors /var/log/auth.log and executes iptables commands to ban IP addresses.
  • Open the file /etc/fail2ban/jail.conf
  • It already contains the lines to block attacks on FTP servers (vsftpd, wuftpd, proftpd, ...), postfix, apache, ...

You can start by replacing enabled=false with enabled=true.
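
The count-and-ban rule described above (6 failed attempts, 10-minute ban), modelled in Python as an added example; it is not code from the original page or from fail2ban itself. The simplified regular expression, the 600-second findtime counting window, the year and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified pattern for OpenSSH password failures (an assumption for this
# example; fail2ban's own sshd filter matches many more message forms).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password "
    r"for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+")

def find_bans(lines, maxretry=6, findtime=600, bantime=600, year=2016):
    """Return [(ip, banned_at, unbanned_at)]; syslog has no year, so one is assumed."""
    recent = defaultdict(deque)   # ip -> times of failures inside the window
    banned_until = {}             # ip -> end of the current ban
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins, other daemons, noise
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ts < banned_until.get(ip, datetime.min):
            continue              # a banned address could not have connected
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()           # forget failures older than findtime
        if len(q) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            q.clear()
    return bans

def fail_line(hms, ip, user="root"):   # builds one constructed log line
    return (f"Dec 10 {hms} host sshd[4242]: Failed password for {user} "
            f"from {ip} port 50022 ssh2")

# Constructed sample: a fast guesser, a slow one, and a legitimate login.
SAMPLE = (
    [fail_line(f"12:00:{s:02d}", "203.0.113.7") for s in range(1, 25, 4)]
    + [fail_line(f"12:{m:02d}:00", "198.51.100.20", "invalid user admin")
       for m in range(0, 18, 3)]
    + ["Dec 10 12:20:00 host sshd[4242]: Accepted password for alice "
       "from 192.0.2.10 port 50022 ssh2"])

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```

On the constructed sample only 203.0.113.7 is banned; the address whose failures are three minutes apart never has six inside the 600-second window, which is why the counting window and the retry limit are worth tuning together.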


This document entitled « Protect your SSH server against brute-force attacks » from CCM (ccm.net) is made available under the Creative Commons license. You can copy and modify copies of this page under the conditions stipulated by the license, as long as this note appears clearly.