Protect your SSH server against brute-force attacks

Last update on November 7, 2009 10:57 AM by jak58
Published by jak58


Intro


SSH is excellent for remote access to your files; it even allows you to use a computer remotely.

But what can you do against brute-force attacks
(testing all combinations of letters to find the password)?

It's simple:

sudo aptitude install fail2ban 



If someone makes 6 failed attempts to connect to the SSH server, their IP address will be banned for 10 minutes.
That is sufficient to defeat such an attack.

To see what the program has done, run:


sudo cat /var/log/fail2ban.log

Advanced use


Fail2ban can be configured to do many other things.

In principle, it monitors the log files of your choice, and then triggers actions.

In the case of SSH, it monitors /var/log/auth.log and executes the iptables command to ban IP addresses.

Open the file /etc/fail2ban/jail.conf.
It already contains the lines to block attacks on FTP servers (vsftpd, wuftpd, proftpd ...), postfix, apache ...
You can start by changing enabled=false to enabled=true.