Protect your SSH server against brute-force attacks


  • SSH lets you access your files remotely, and even use or manage a computer remotely. But how do you protect yourself against brute-force attacks (an attacker trying every combination of letters to find the password)?
  • It's simple:
  • sudo aptitude install fail2ban
  • If someone makes 6 failed attempts to connect to the SSH server, their IP address will be banned for 10 minutes.
  • That is enough to thwart such an attack.
  • To see what the program has done, run:
  • sudo cat /var/log/fail2ban.log

Advanced use of Fail2ban

  • Fail2ban can be configured to do many other things.
  • In principle, it monitors the log files of your choice and triggers actions when it finds matching entries.
  • In the case of SSH, it monitors /var/log/auth.log and executes iptables commands to ban IP addresses.
  • Open the file /etc/fail2ban/jail.conf
  • It already contains the entries needed to block attacks on FTP servers (vsftpd, wuftpd, proftpd ...), postfix, apache ...

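You can start by changing enabled=false to enabled=true. Note that a package upgrade can overwrite changes made directly in jail.conf; fail2ban also reads /etc/fail2ban/jail.local, which is the usual place for local overrides.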

This document, titled « Protect your SSH server against brute-force attacks », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (