How to Prevent SSH Brute Force Login Attacks

mahabub.devs3
Mahabubur Rahman
Published on Apr, 09 2025 2 min read 0 comments
#security #ubuntu #ssh #centos #sysadmin #firewall #fail2ban #authentication #linux
Text Image

Secure Shell (SSH) is a widely used protocol for securely accessing remote systems. However, SSH servers are common targets for brute-force attacks, where attackers repeatedly try different username and password combinations to gain unauthorized access.  

In this guide, we’ll explore several effective methods to protect your SSH server from brute-force attacks.  

1. Use Strong Passwords or SSH Keys


The simplest way to prevent brute-force attacks is to enforce strong passwords or, better yet, use SSH key-based authentication instead of passwords.  

- Disable password authentication and rely on SSH keys:  
 

sudo nano /etc/ssh/sshd_config


 Add or modify the following lines:  

PasswordAuthentication no
PubkeyAuthentication yes

   Then restart SSH: 

sudo systemctl restart sshd

2. Change the Default SSH Port


Attackers often target the default SSH port (22). Changing the port reduces automated attacks.  

- Edit the SSH config file:  

sudo nano /etc/ssh/sshd_config

 Change the port number (e.g., 2222):  

Port 2222

Update firewall rules (if using UFW):  

sudo ufw allow 2222/tcp

Restart SSH:  

sudo systemctl restart sshd

3. Use Fail2Ban to Block Repeated Login Attempts

 
Fail2Ban automatically bans IPs that show malicious behavior, such as repeated failed login attempts.  

- Install Fail2Ban:  

sudo apt install fail2ban  # Debian/Ubuntu
sudo yum install fail2ban  # RHEL/CentOS

- Configure Fail2Ban for SSH:  

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

Adjust settings under [sshd]:  

enabled = true
maxretry = 3
bantime = 1h

Restart Fail2Ban:  

sudo systemctl restart fail2ban

4. Limit SSH Access to Specific IPs

 
If possible, restrict SSH access to trusted IPs using firewall rules (UFW/iptables) or sshd_config.  

- Edit /etc/ssh/sshd_config:  
 

AllowUsers user@trusted_ip

Or use UFW

sudo ufw allow from trusted_ip to any port 22

5. Enable Two-Factor Authentication (2FA) 

Adding an extra layer of security with 2FA makes unauthorized access much harder. Tools like Google Authenticator can be integrated with SSH.  

6. Monitor and Analyze SSH Logs 

Regularly check SSH logs for suspicious activity:

sudo grep "Failed password" /var/log/auth.log  # Debian/Ubuntu
sudo grep "Failed password" /var/log/secure   # RHEL/CentOS

Conclusion


Brute-force attacks on SSH are common, but implementing these security measures can significantly reduce risks. Key steps include:  
- Using SSH keys instead of passwords  
- Changing the default SSH port  
- Installing Fail2Ban  
- Restricting access to trusted IPs  
- Enabling 2FA  

By following these best practices, you can secure your SSH server against unauthorized access attempts.  

0 Comments
Login

Weekly Most Viewed

Weekly Most Commented