Protect your SSH server against brute-force attacks


Intro

  • SSH can be used to access your files remotely; it even allows you to use and manage a computer remotely. But how do you protect yourself against brute-force attacks?
  • (A brute-force attack tests all combinations of letters to find the password.)
  • It's simple:
  • sudo aptitude install fail2ban 
  • If someone makes 6 failed attempts to connect to the SSH server, their IP address will be banned for 10 minutes.
  • This is sufficient to thwart such an attack.
  • To see the actions taken by the program, run:
  • sudo cat /var/log/fail2ban.log

Advanced use of Fail2ban

  • Fail2ban can be configured to do many other things.
  • In principle, it monitors the log files of your choice, and then triggers actions.
  • In the case of SSH, it monitors /var/log/auth.log and executes iptables commands to ban IP addresses.
  • Open the file /etc/fail2ban/jail.conf
  • It already contains the lines needed to block attacks on FTP servers (vsftpd, wuftpd, proftpd ...), postfix, apache ...

You can start by changing enabled=false to enabled=true.
Jean-François Pillou
