Every hour you may see SSH brute force attempts against your VPS from IPs in the 218.92.0.0/24 network. Linux VPS Security Hardening Series coming soon on Medium as a beginner.
You Should Know:
SSH brute force attacks are a common threat to VPS (Virtual Private Server) security. Attackers use automated tools to try multiple username and password combinations to gain unauthorized access. Below are some practical steps, commands, and codes to secure your Linux VPS against such attacks.
1. Change the Default SSH Port
By default, SSH listens on port 22. Changing this port can reduce the number of brute force attempts.
sudo nano /etc/ssh/sshd_config
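Find the line `#Port 22`, remove the leading `#`, and set a different port, e.g., `Port 2222`. Save and exit the file, then restart the SSH service. Keep your current session open until you have confirmed that you can log in on the new port: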
sudo systemctl restart sshd
2. Use SSH Key-Based Authentication
Password-based authentication is vulnerable to brute force attacks. Use SSH keys instead.
Generate an SSH key pair on your local machine:
ssh-keygen -t rsa -b 4096
Copy the public key to your VPS:
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 2222 user@your_vps_ip
Disable password authentication in the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Set `PasswordAuthentication no` and restart the SSH service:
sudo systemctl restart sshd
3. Install and Configure Fail2Ban
Fail2Ban is a tool that bans IPs after a specified number of failed login attempts.
Install Fail2Ban:
sudo apt-get update
sudo apt-get install fail2ban
Copy the default configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
Edit the configuration file:
sudo nano /etc/fail2ban/jail.local
Set the following parameters:
[sshd]
enabled = true
# must match the SSH port chosen in step 1, otherwise bans apply to port 22 only
port = 2222
maxretry = 3
bantime = 3600
Restart Fail2Ban:
sudo systemctl restart fail2ban
4. Enable a Firewall
Use `ufw` (Uncomplicated Firewall) to restrict access to your VPS.
Install `ufw`:
sudo apt-get install ufw
Allow the new SSH port:
sudo ufw allow 2222/tcp
Enable the firewall:
sudo ufw enable
Check the status:
sudo ufw status
5. Regularly Update Your System
Keep your system and software up to date to patch vulnerabilities.
sudo apt-get update
sudo apt-get upgrade -y
6. Monitor SSH Logs
Regularly check SSH logs for suspicious activity.
sudo tail -f /var/log/auth.log
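As an added example (not part of the original post), the script below turns the raw log view into a per-source summary: it counts `Failed password` entries per IP and per /24 network, with a default threshold of 3 to match the `maxretry` value from step 3. The function names and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise failed SSH password logins from auth.log-style input.

# Constructed sample lines in the sshd auth.log format (not real log data).
sample_log() {
  cat <<'EOF'
Mar  3 10:00:01 vps sshd[1001]: Failed password for root from 218.92.0.10 port 40112 ssh2
Mar  3 10:00:03 vps sshd[1001]: Failed password for root from 218.92.0.10 port 40112 ssh2
Mar  3 10:00:05 vps sshd[1001]: Failed password for root from 218.92.0.10 port 40112 ssh2
Mar  3 10:01:10 vps sshd[1002]: Failed password for invalid user admin from 218.92.0.27 port 51822 ssh2
Mar  3 10:01:12 vps sshd[1002]: Failed password for invalid user ftp user from 218.92.0.27 port 51822 ssh2
Mar  3 10:02:00 vps sshd[1003]: Accepted publickey for deploy from 203.0.113.5 port 50022 ssh2: RSA SHA256:constructed
Mar  3 10:03:00 vps sshd[1004]: Failed password for invalid user test from 198.51.100.7 port 33000 ssh2
EOF
}

# failed_by_ip [threshold]: read log lines on stdin and print "count ip" for
# every source with at least <threshold> failures (default 3), busiest first.
failed_by_ip() {
  awk -v min="${1:-3}" '
    # The user name is client-supplied and may contain spaces, so the address
    # is located from the end of the line: "... from <ip> port <n> ssh2".
    / sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" { hits[$(NF-3)]++ }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# failed_by_net24: same input, failures grouped by IPv4 /24 network, which
# shows distributed attempts where no single address reaches the threshold.
failed_by_net24() {
  failed_by_ip 1 | awk '
    split($2, o, ".") == 4 { net[o[1] "." o[2] "." o[3] ".0/24"] += $1 }
    END { for (n in net) print net[n], n }
  ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On the VPS, feed the real log instead:
#   sudo cat /var/log/auth.log | failed_by_ip 3
sample_log | failed_by_ip 3
sample_log | failed_by_net24
```
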
What Undercode Say:
Securing your Linux VPS is crucial in today’s threat landscape. By changing the default SSH port, using key-based authentication, installing Fail2Ban, enabling a firewall, and keeping your system updated, you can significantly reduce the risk of SSH brute force attacks. Regular monitoring of logs will help you stay ahead of potential threats.
Expected Output:
- SSH brute force attempts reduced.
- Unauthorized access attempts logged and banned.
- Enhanced VPS security with minimal downtime.
Reported By: Abhirup Konwar – Hackers Feeds



