Protect your SSH server against brute-force attacks

October 2016


  • SSH can be used to access your files remotely; it even allows you to use and manage a computer remotely. But how do you protect yourself against brute-force attacks?
  • (A brute-force attack tests all combinations of letters to find the password.)
  • It's simple:
  • sudo aptitude install fail2ban 
  • If someone makes 6 failed attempts to connect to the SSH server, their IP address will be banned for 10 minutes.
  • This is sufficient to thwart such an attack.
  • To see the actions of the program, do:
  • sudo cat /var/log/fail2ban.log

Advanced use of Fail2ban

  • Fail2ban can be configured to do many other things.
  • In principle, it monitors the log files of your choice, and then triggers actions.
  • In the case of SSH, it monitors /var/log/auth.log and executes the iptables command to ban IP addresses.
  • Open the file /etc/fail2ban/jail.conf
  • It already contains the lines to block attacks on the ftp server (vsftpd, wuftpd, proftpd ...), postfix, apache ...

You can start by replacing enabled=false with enabled=true.
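The monitor-then-ban logic described above, sketched as an added example (not Fail2ban's own code and not from the original page). The regular expression is a simplified stand-in for the real sshd filter, the 10-minute counting window FINDTIME is an assumption, and the log lines are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 6                      # failed attempts before a ban (value from the page)
BANTIME = timedelta(minutes=10)   # ban duration (value from the page)
FINDTIME = timedelta(minutes=10)  # assumption: window in which failures are counted

# Simplified pattern for OpenSSH password failures in /var/log/auth.log.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def scan(lines, year=2016):
    """Return [(ip, ban_start, ban_end)] for the given auth.log lines."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps carry no year, so one is supplied
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        window = failures[m.group(2)]
        window.append(ts)
        while ts - window[0] > FINDTIME:  # forget failures outside the window
            window.popleft()
        if len(window) >= MAXRETRY:
            bans.append((m.group(2), ts, ts + BANTIME))
            window.clear()  # start counting afresh after the ban
    return bans

def fail(clock, ip, user="root"):
    """Build one constructed auth.log failure line."""
    return (f"Oct 14 {clock} host sshd[2101]: "
            f"Failed password for {user} from {ip} port 40022 ssh2")

# Constructed sample log: six quick failures from one address, noise from others.
SAMPLE = [fail(f"10:00:{s:02d}", "203.0.113.5") for s in range(1, 12, 2)] + [
    fail("10:01:00", "198.51.100.7", "invalid user admin"),
    "Oct 14 10:02:00 host sshd[2102]: Accepted password for alice "
    "from 192.0.2.9 port 50000 ssh2",
]

if __name__ == "__main__":
    for ip, start, end in scan(SAMPLE):
        print(f"ban {ip} from {start} until {end}")
```

Failures that are spread out so that fewer than six fall inside the counting window never trigger a ban, which is why a short window suits fast automated guessing.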

This document entitled « Protect your SSH server against brute-force attacks » from CCM is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.