\n<\/p>\n
As cyber threats become increasingly sophisticated, ensuring the security of your Linux servers is paramount. One of the most common vulnerabilities is exposing your system to brute-force attacks via SSH (Secure Shell). These attacks involve automated scripts attempting to guess passwords, leading to unauthorized access. In this article, we’ll explore effective strategies for blocking repeated SSH login attempts on Linux servers to safeguard your systems.<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
First and foremost, a robust password policy is essential. Ensure that users create complex passwords that include a mix of upper and lower case letters, numbers, and special characters. Enforcing a minimum password length of 12 characters can significantly enhance security.<\/p>\n
<\/p>\n
<\/p>\n
Consider implementing account lockout policies that temporarily disable an account after a specified number of failed login attempts. This discourages repeated guessing efforts.<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
Changing the default SSH port from 22 to another, less common port can obscure your server and deter basic automated attacks. You can do this by modifying the sudo nano \/etc\/ssh\/sshd_config<\/p>\n Port 2222<\/p>\n <\/p>\n Don\u2019t forget to restart the SSH service after making changes: <\/p>\n <\/p>\n <\/p>\n sudo apt-get install fail2ban<\/p>\n sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local<\/p>\n <\/p>\n <\/p>\n In your <\/p>\n <\/p>\n bash <\/p>\n <\/p>\n <\/p>\n Instead of relying on passwords, using SSH key pairs can offer superior security. Generate an SSH key pair with: <\/p>\n Place your public key in the <\/p>\n <\/p>\n To further secure your server, disable password authentication altogether in the <\/p>\n <\/p>\n <\/p>\n TCP Wrappers provide a way to control access to services on your Linux server. In <\/p>\n sshd: ALL<\/p>\n <\/p>\n Then, in <\/p>\n sshd: 192.168.1.100<\/p>\n <\/p>\n This configuration allows only the specified IP to access SSH.<\/p>\n <\/p>\n <\/p>\n <\/p>\n Regularly monitoring your server logs is critical for spotting unusual activity. Tools like <\/p>\n <\/p>\n Consider using tools like <\/p>\n <\/p>\n <\/p>\n Setting up a firewall can effectively limit access to your SSH service. Consider using sudo ufw allow 2222\/tcp<\/p>\n sudo ufw enable<\/p>\n <\/p>\n <\/p>\n Securing your Linux server against repeated SSH login attempts is an ongoing process that involves implementing multiple strategies. From using strong passwords and changing default ports to employing tools like Fail2Ban, SSH key authentication, TCP Wrappers, log monitoring, and firewalls, each step plays a vital role in fortifying your server.<\/p>\n <\/p>\n By adopting these strategies, you can significantly reduce the risk of unauthorized access and keep your data safe. Remember, the best defense is a proactive approach, so invest time in securing your systems today. For more tips and updates on Linux security, stay tuned to the WafaTech Blog!<\/p>\n\n","protected":false},"excerpt":{"rendered":" As cyber threats become increasingly sophisticated, ensuring the security of your Linux servers is paramount. One of the most common vulnerabilities is exposing your system to brute-force attacks via SSH (Secure Shell). These attacks involve automated scripts attempting to guess passwords, leading to unauthorized access. In this article, we’ll explore effective strategies for blocking repeated […]<\/p>\n","protected":false},"author":2,"featured_media":2808,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[22],"tags":[1116,1034,202,265,269,1522,302,770,203],"class_list":["post-2807","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux-security","tag-attempts","tag-blocking","tag-effective","tag-linux","tag-login","tag-repeated","tag-servers","tag-ssh","tag-strategies","et-has-post-format-content","et_post_format-et-post-format-standard"],"yoast_head":"\n\/etc\/ssh\/sshd_config<\/code> file:
\nbash<\/p>\n
\nbash
\nsudo systemctl restart sshd<\/p>\n3. Implement Fail2Ban<\/h2>\n
Install and Configure<\/h3>\n
Fail2Ban<\/code> is a powerful tool that can help protect your server from brute-force attacks. It works by monitoring log files and banning IPs that show malicious signs. To install and configure it:
\nbash<\/p>\nCustomize Filters<\/h3>\n
jail.local<\/code> file, enable the SSH jail and set up parameters:
\nini
\n[sshd]
\nenabled = true
\nport = 2222 # Change to custom port if necessary
\nfilter = sshd
\nlogpath = \/var\/log\/auth.log
\nmaxretry = 3
\nbantime = 600<\/p>\nStart and Enable Fail2Ban<\/h3>\n
\nsudo systemctl start fail2ban
\nsudo systemctl enable fail2ban<\/p>\n4. Utilize SSH Key Authentication<\/h2>\n
Generate SSH Keys<\/h3>\n
\nbash
\nssh-keygen -t rsa -b 4096<\/p>\n~\/.ssh\/authorized_keys<\/code> file on your server. <\/p>\nDisable Password Authentication<\/h3>\n
sshd_config<\/code> file:
\nbash
\nPasswordAuthentication no<\/p>\n5. Configure TCP Wrappers<\/h2>\n
Use
\/etc\/hosts.allow<\/code> and \/etc\/hosts.deny<\/code><\/h3>\n\/etc\/hosts.deny<\/code>, you can block all access:<\/p>\n\/etc\/hosts.allow<\/code>, specify allowed IP addresses:<\/p>\n6. Monitor Logs Regularly<\/h2>\n
Use Log Analysis Tools<\/h3>\n
Logwatch<\/code> or GoAccess<\/code> can help visualize login attempts and spot patterns. Set them up to receive periodic reports on SSH access.<\/p>\nEmploy Intrusion Detection Systems<\/h3>\n
OSSEC<\/code> or AIDE<\/code> to detect unusual logins and modify alert statuses. An intrusion detection system can provide an additional layer of security by alerting you to unauthorized access.<\/p>\n7. Configure a Firewall<\/h2>\n
Use UFW or Firewalld<\/h3>\n
UFW<\/code> (Uncomplicated Firewall) or firewalld<\/code> to create rules that only allow specific IP ranges. Here\u2019s how to configure UFW:
\nbash<\/p>\nConclusion<\/h2>\n