To protect your server from brute-force password-guessing attacks, it is best to configure and use key authentication instead of password authentication.
Another way to protect yourself is to use the Fail2ban utility. Fail2ban analyzes the logs of services running on the server and, when it detects suspicious activity, blocks the IP addresses of possible attackers. Fail2ban can be used to protect Apache, FTP, Dovecot and many other services.
In this article, we will look at the basic setup of Fail2ban to protect the SSH service from password guessing.
To install Fail2ban on Ubuntu/Debian run:
sudo apt update
sudo apt install fail2ban -y
To install on CentOS:
sudo yum update && sudo yum install epel-release
sudo yum install fail2ban
Add Fail2ban to startup:
sudo systemctl enable fail2ban
Checking
After setting up Fail2ban, it makes sense to check that it is working. It is better to do this not immediately but a couple of hours after saving the settings, when the result will be clearer.
You can view blocked IP addresses in iptables:
sudo iptables -L
or display Fail2ban operation logs:
sudo tail /var/log/fail2ban.log
Information can also be obtained from the Fail2ban command-line client:
sudo fail2ban-client status sshd
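To make the log check above easier to read, the following added example (not part of the original article) tallies detections and bans per IP address for one jail. The f2b_summary and sample_log names and the sample lines are constructed for illustration, and the parser assumes Fail2ban's default log line layout.

```shell
#!/bin/sh
# Added example: summarise one jail's activity from Fail2ban log lines on stdin.
# Assumes the default log layout, where the bracketed jail name is followed
# by "Found <ip>", "Ban <ip>" or "Unban <ip>".

f2b_summary() {
    jail=${1:-sshd}
    awk -v jail="[$jail]" '
        {
            for (i = 1; i + 2 <= NF; i++) {
                if ($i != jail) continue
                ev = $(i + 1); ip = $(i + 2)
                if (ev == "Found")      { seen[ip] = 1; found[ip]++ }
                else if (ev == "Ban")   { seen[ip] = 1; bans[ip]++; active[ip] = 1 }
                else if (ev == "Unban") { seen[ip] = 1; active[ip] = 0 }
                break
            }
        }
        END {
            for (ip in seen) {
                state = active[ip] ? "banned" : (bans[ip] ? "unbanned" : "not-banned")
                printf "%s found=%d bans=%d %s\n", ip, found[ip], bans[ip], state
            }
        }
    ' | LC_ALL=C sort
}

# Constructed sample log lines (documentation-range addresses, not real data).
sample_log() {
    cat <<'EOF'
2024-05-01 10:00:01,100 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:00:01
2024-05-01 10:00:03,200 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:00:03
2024-05-01 10:00:05,300 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:00:05
2024-05-01 10:00:05,900 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:02:10,000 fail2ban.filter  [812]: INFO    [sshd] Found 192.0.2.50 - 2024-05-01 10:02:10
2024-05-01 10:10:05,900 fail2ban.actions [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-05-01 10:12:00,000 fail2ban.actions [812]: NOTICE  [apache-auth] Ban 192.0.2.9
2024-05-01 10:14:01,000 fail2ban.filter  [812]: INFO    [sshd] Found 198.51.100.23 - 2024-05-01 10:14:01
2024-05-01 10:14:02,000 fail2ban.filter  [812]: INFO    [sshd] Found 198.51.100.23 - 2024-05-01 10:14:02
2024-05-01 10:14:03,000 fail2ban.filter  [812]: INFO    [sshd] Found 198.51.100.23 - 2024-05-01 10:14:03
2024-05-01 10:14:03,500 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.23
EOF
}

sample_log | f2b_summary sshd
```

On a live server, feed it the real log instead of the sample: sudo cat /var/log/fail2ban.log | f2b_summary sshd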