Protect your SSH server against brute-force attacks
Intro
- SSH can be used to access to your files remotely, it even allow you to use/manage a computer remotely. But how to protect yourself against brute-force attacks ?
- (Test all combinations of letters to find the password).
- It's simple:
sudo aptitude install fail2ban
- If someone makes 6 failed attempts to connect on the ssh server, its IP address will be banned for 10 minutes.
- It is sufficient to obviate such an attack.
- To see the actions of the program, do:
sudo cat /var/log/fail2ban.log
Advanced use of Fail2ban
- Fail2ban can be configured to do many other things.
- In principle, it monitors the log files of your choice, and then triggers actions.
- In the case of ssh, it monitors /var/log/auth.log and execute command iptables to ban IP addresses.
- Open the file /etc/fail2ban/jail.conf
- It already contains the lines to block attacks on the ftp server (vsftpd, wuftpd, proftpd ...), postfix, apache ...
You can start by replacing enabled=false to enabled=true.
Related
- Protect your SSH server against brute-force attacks
- Protect your Joomla or WordPress websites against brute force attacks » How-To - Security
- Installing a SSH server on Ubuntu » How-To - Ubuntu
- Protect your Counter-Strike Source Server- The Anti-Cheats » How-To - Counter Strike
- Web server attacks » Articles
- Can't format USB mass storage drive [Solved] (Solved) » Forum - System software