CodingTricks
How to Protect Your Linux Server from Brute Force SSH Attacks

Posted by kamlesh paul on Dec 13, 2024 | 3 min read

Last updated on: Dec 13, 2024


Brute Force SSH Attacks are among the most common threats to Linux servers. Cybercriminals use automated tools to guess passwords and gain unauthorized access. In this article, we’ll explore effective strategies to safeguard your Linux server from these attacks.

#Table of contents

  • 1. Disable Root Login
    • Why Disable Root Login?
    • How to Disable Root Login
  • 2. Implement Public Key Authentication
    • Why Use Public Key Authentication?
    • How to Set Up Public Key Authentication
    • Disable Password Authentication (Server)
  • 3. Use Fail2Ban
    • What is Fail2Ban?
    • How to Install and Configure Fail2Ban
  • 4. Monitor Login Attempts
    • Why Monitor Login Attempts?
    • Tools for Monitoring

#1. Disable Root Login

#Why Disable Root Login?

  • Allowing root login via SSH can make it easier for attackers to gain full access. Instead, use a regular user account with sudo privileges.

#How to Disable Root Login

  • To disable root login, edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
  • Find the line:
PermitRootLogin yes
  • Change it to:
PermitRootLogin no
  • Then, restart the SSH service to apply the changes:
sudo systemctl restart sshd

#2. Implement Public Key Authentication

#Why Use Public Key Authentication?

  • Public key authentication is more secure than password-based logins. It relies on a pair of cryptographic keys, making it much harder for attackers to compromise.

#How to Set Up Public Key Authentication

  • Generate SSH Keys (Local PC):
cd ~/.ssh && ssh-keygen -t rsa -b 4096
  • Copy the Public Key to the Server (Local PC):
 ssh-copy-id user@your_server_ip

#Disable Password Authentication (Server)

  • Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config
  • Find and change:
PasswordAuthentication yes

to

PasswordAuthentication no

Finally, restart SSH to apply the changes:

sudo systemctl restart sshd
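
The edits in sections 1 and 2 only take effect if no earlier line sets the same keyword: sshd keeps the first value it reads, and a file pulled in by an Include line near the top of sshd_config is read before the lines below it. The script below is an added example, not part of the original article; the function names and the sample files are made up for illustration, relative Include paths are assumed to resolve against the main file's directory, and Match blocks are not interpreted.

```shell
#!/bin/sh
# Added example: resolve the value sshd will use for a keyword.
# sshd keeps the FIRST value it reads; Include lines are expanded in place.

# flatten FILE [BASEDIR]: print "keyword value" in the order sshd reads them.
# Assumption: one pattern per Include line, relative to the main file's directory.
flatten() {
    base=${2:-$(dirname "$1")}
    while read -r key val || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac        # skip blanks and comments
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        if [ "$lkey" = include ]; then
            case $val in /*) ;; *) val=$base/$val ;; esac
            for inc in $val; do                       # unquoted: expand the glob
                if [ -f "$inc" ]; then ( flatten "$inc" "$base" ); fi
            done
        else
            printf '%s %s\n' "$lkey" "$val"
        fi
    done < "$1"
}

# effective FILE KEYWORD: first occurrence wins; no output means sshd's default.
effective() {
    kw=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    flatten "$1" | awk -v k="$kw" '$1 == k && !seen { print $2; seen = 1 }'
}

# Constructed sample: a drop-in re-enables passwords before the main file's "no".
make_sample() {
    d=$(mktemp -d) && mkdir "$d/sshd_config.d" || return 1
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-example.conf"
    printf '%s\n' 'Include sshd_config.d/*.conf' '#PermitRootLogin yes' \
        'PermitRootLogin no' 'PasswordAuthentication no' > "$d/sshd_config"
    printf '%s\n' "$d/sshd_config"
}

cfg=$(make_sample)
echo "PermitRootLogin:        $(effective "$cfg" PermitRootLogin)"
echo "PasswordAuthentication: $(effective "$cfg" PasswordAuthentication)"
rm -rf "$(dirname "$cfg")"
```

On a live server, sudo sshd -T prints the configuration as sshd itself resolves it, so it is the authoritative check after editing. Keep the current SSH session open until a second login with the key has succeeded.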

#3. Use Fail2Ban

#What is Fail2Ban?

  • Fail2Ban is a security tool that scans log files and bans IP addresses with too many failed login attempts, significantly reducing the risk of brute force attacks.

#How to Install and Configure Fail2Ban

  1. Install Fail2Ban:
sudo apt install fail2ban
  2. Configure Fail2Ban for SSH: Open the configuration file:
sudo nano /etc/fail2ban/jail.local

Add the following lines:

[sshd]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
bantime  = 15d
  3. Start and Enable Fail2Ban:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
  4. Check Banned IP List:
sudo fail2ban-client status sshd
  5. Add an IP to the Ban List:
sudo fail2ban-client set sshd banip <IP>

Replace <IP> with the actual IP address you want to ban.

  6. Remove an IP from the Ban List:
sudo fail2ban-client set sshd unbanip <IP>

Replace <IP> with the IP address you wish to unban.

#4. Monitor Login Attempts

#Why Monitor Login Attempts?

Regularly reviewing login attempts can help you identify and respond to potential threats quickly.

#Tools for Monitoring

  • SSH Logs: Check logs at /var/log/auth.log for unauthorized access attempts:
sudo tail -f /var/log/auth.log

You can also view recent activity with the following command:

sudo journalctl --since "5 minute ago"
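
To turn the raw log into a reviewable list, the script below counts failed password attempts per source address and prints those at or above a threshold, using 3 to mirror the maxretry value from the Fail2Ban jail above. It is an added example, not part of the original article; the function names and log lines are constructed, and unlike Fail2Ban it applies no time window.

```shell
#!/bin/sh
# Added example: list source addresses with repeated failed SSH passwords.

# offenders MIN < auth.log : print "count address" for every address with at
# least MIN "Failed password" lines, busiest first. No time window is applied.
offenders() {
    awk -v min="$1" '
        / sshd[^ ]*: Failed password for / {
            # The user name comes from the client and may itself contain the
            # word "from", so locate the address by scanning from the right.
            for (i = NF; i > 1; i--)
                if ($(i - 1) == "from") { hits[$i]++; break }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

# Constructed sample lines in the usual auth.log layout (documentation addresses).
sample_log() {
    cat <<'EOF'
Dec 13 10:00:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40022 ssh2
Dec 13 10:00:03 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40024 ssh2
Dec 13 10:00:05 web1 sshd[2213]: Failed password for invalid user from from 203.0.113.7 port 40026 ssh2
Dec 13 10:00:09 web1 sshd[2220]: Failed password for deploy from 198.51.100.20 port 51812 ssh2
Dec 13 10:01:00 web1 sshd[2231]: Accepted publickey for deploy from 198.51.100.20 port 51900 ssh2
EOF
}

# Addresses that reached the jail's maxretry of 3 in the sample.
sample_log | offenders 3
```

Against the real log, run it as: sudo cat /var/log/auth.log | offenders 3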
