Stop Brute Force: 5 Immediate Steps to Block SSH Hacking is a strategic cybersecurity playbook designed to secure Linux servers from automated password-guessing attacks.
Here are the five immediate, actionable steps to secure your Secure Shell (SSH) access.

1. Change the Default SSH Port

Most automated bots only probe the default SSH port, 22. Moving sshd to another port cuts most of that background noise out of your logs, but it is obscurity rather than security: a targeted attacker (or an internet-wide scanner) finds the new port with a single port scan, so treat this step as log hygiene and rely on the four steps that follow for actual protection.
Action: Open /etc/ssh/sshd_config (or, on distributions that ship an Include /etc/ssh/sshd_config.d/*.conf line, create a drop-in file there).
Change: Find #Port 22 and change it to an unused high port (e.g., Port 2244). Before restarting sshd, run sudo sshd -t to confirm the file parses, and open the new port in your firewall. On RHEL-family systems with SELinux enforcing, sshd will not be allowed to bind the new port until you run sudo semanage port -a -t ssh_port_t -p tcp 2244. On Ubuntu 22.10 and later, sshd is socket-activated and ssh.socket keeps listening on 22 regardless of the Port directive; disable the socket (systemctl disable --now ssh.socket, then enable ssh.service) or override its ListenStream. Keep your current session open and test a fresh login on the new port from a second terminal before you close it.
Result: Attackers must port-scan your server before they can even begin a brute-force attempt, and the bulk of drive-by password guessing disappears from your logs.

2. Disable Password Authentication
Passwords are vulnerable to dictionary and credential-stuffing attacks. Switching to SSH keys makes online brute-forcing computationally infeasible: an Ed25519 private key carries 256 bits of entropy, and nothing an attacker sends over the network narrows the search.
Action: Generate a key pair on your workstation (ssh-keygen -t ed25519) and install the public key on the server (ssh-copy-id -i ~/.ssh/id_ed25519.pub yourusername@your_server). Log in with the key from a second terminal and confirm it works before you disable passwords, or you will lock yourself out.
Change: In /etc/ssh/sshd_config, set PasswordAuthentication no. Also set KbdInteractiveAuthentication no (spelled ChallengeResponseAuthentication no on older releases); otherwise PAM's keyboard-interactive method can still accept a password even though PasswordAuthentication is off. On cloud images, check /etc/ssh/sshd_config.d/ for a drop-in such as 50-cloud-init.conf that sets PasswordAuthentication yes: sshd keeps the first value it reads for each keyword, and the Include line sits near the top of the main file, so a drop-in silently wins over your edit. Fix the drop-in or add your own with a name that sorts before it.
Result: The server rejects every password login attempt, and the password-guessing bots get nothing to guess against. Verify the value sshd actually loaded with sudo sshd -T | grep -i passwordauthentication.

3. Ban Root Logins
The root username exists on every Linux system, so bots try it first: it needs no username guessing, and a hit grants complete control of the machine.
Action: Create a limited user account and give it sudo rights (for example adduser yourusername followed by usermod -aG sudo yourusername; the group is wheel on RHEL-family systems). Install your public key for that account and confirm you can both log in and run sudo before going further.
Change: In /etc/ssh/sshd_config, set PermitRootLogin no. If automation genuinely must log in as root with a key, prohibit-password is the narrower alternative; recent OpenSSH releases default to it, but set the value explicitly instead of trusting the default.
Result: sshd refuses every login attempt against root, whether by password or key, so the one username every attacker already knows becomes worthless to them, and every administrative action is attributable to a named account through sudo.

4. Install Fail2ban
Fail2ban is an intrusion prevention daemon that watches authentication logs (or the systemd journal) for repeated failures from one address and adds a temporary firewall rule to block it.
Action: Install the package (sudo apt install fail2ban or sudo dnf install fail2ban) and enable the service (sudo systemctl enable --now fail2ban).
Configure: Do not edit /etc/fail2ban/jail.conf, which package upgrades overwrite; create /etc/fail2ban/jail.local and enable the [sshd] jail there. The stock jail watches port = ssh (that is, 22), so if you changed the port in step 1 you must set port to the new value or bans will not apply. On hosts that no longer write /var/log/auth.log (Debian 12 without rsyslog, for example) set backend = systemd so the jail reads the journal.
Result: An address that fails maxretry times within findtime (5 failures in 10 minutes by default) is banned for bantime (10 minutes by default); raise bantime, or turn on bantime.increment, for repeat offenders. Check the jail with sudo fail2ban-client status sshd. Keep in mind that a botnet rotates through thousands of source addresses, so Fail2ban trims noise and slows attackers down; steps 2 and 5 are what actually stop them.

5. Restrict Access via Firewall or Allow List
The most secure server is one that only talks to trusted networks. You can restrict SSH access to specific source addresses at two layers: the firewall, which drops the packets before sshd ever sees them, and sshd itself, which refuses the login even if the firewall is misconfigured.
Action: Use a firewall tool like UFW, firewalld, or your cloud provider's security groups to allow the SSH port only from your administrative addresses, e.g. sudo ufw allow from your_static_ip to any port 2244 proto tcp, and remove any rule that allows the port from anywhere.
Change: In /etc/ssh/sshd_config, add AllowUsers yourusername@your_static_ip. The host part also accepts a CIDR block (yourusername@203.0.113.0/24), and you can list several user@host patterns on one line. Note that AllowUsers is a strict allow list: once the directive exists, any user not matched by it is denied, so include every account and every source network that needs access.
Result: Even if someone steals your credentials or a private key, they cannot log in from an unauthorized network. If your own address is dynamic, allow your provider's CIDR range or route through a VPN or bastion host with a fixed address rather than opening the port to the world. As with every step above, test a fresh login from the allowed address before closing the session you are working in.
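The five steps above, applied in the order that does not lock you out, as one added example script. This is not code from the original post; it assumes OpenSSH 8.2 or newer whose stock sshd_config contains an Include /etc/ssh/sshd_config.d/*.conf line (Ubuntu 20.04+, Debian 11+, RHEL 9+), sudo rights, UFW as the host firewall, and systemd. The user name alice, the port 2244 and the address 203.0.113.10 are placeholders that you override through the environment. Run it without arguments to print the rendered configuration, with stage DIR to write the files into a scratch directory for review, and with apply (as root) to install them, validate with sshd -t, restart sshd, enable Fail2ban and set the firewall rules.

```shell
#!/bin/sh
# Added example for the article above (not the author's code): the five SSH
# hardening steps as one reviewable script. Assumed: OpenSSH 8.2+ with an
# Include /etc/ssh/sshd_config.d/*.conf line, systemd, UFW, and sudo rights.
# SSH_PORT, ADMIN_USER and ADMIN_IP below are placeholders, not real values.
set -eu

SSH_PORT="${SSH_PORT:-2244}"           # step 1: non-default port
ADMIN_USER="${ADMIN_USER:-alice}"      # step 3: the non-root sudo user who may log in
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"   # step 5: your static address (TEST-NET-3 placeholder)

# Steps 1, 2, 3 and 5 on the sshd side. sshd keeps the FIRST value it reads for
# a keyword, and the Include sits near the top of the stock file, so a drop-in
# named 00-* beats anything later in /etc/ssh/sshd_config.
render_sshd_dropin() {
  cat <<EOF
# 00-hardening.conf - sshd uses the first value seen, so this file must sort first
Port ${SSH_PORT}
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
# Without these two, PAM can still prompt for a password via keyboard-interactive
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
# Only this account, and only from this address (a CIDR such as 203.0.113.0/24 also works)
AllowUsers ${ADMIN_USER}@${ADMIN_IP}
EOF
}

# Step 4: the Fail2ban jail. The stock [sshd] jail watches "port = ssh" (22), so
# it must be told about the new port; the systemd backend reads the journal on
# hosts that no longer write /var/log/auth.log.
render_jail_local() {
  cat <<EOF
[sshd]
enabled  = true
port     = ${SSH_PORT}
maxretry = 5
findtime = 10m
bantime  = 1h
backend  = systemd
EOF
}

# Write both files under DEST ("" means the real root; a scratch dir lets you review first).
write_configs() {
  dest="${1:-}"
  install -d -m 0755 "${dest}/etc/ssh/sshd_config.d" "${dest}/etc/fail2ban"
  render_sshd_dropin > "${dest}/etc/ssh/sshd_config.d/00-hardening.conf"
  render_jail_local  > "${dest}/etc/fail2ban/jail.local"
}

# Step 5 on the firewall side: open the new port for the admin address only, then close 22.
apply_firewall() {
  ufw allow from "${ADMIN_IP}" to any port "${SSH_PORT}" proto tcp
  ufw delete allow 22/tcp || true        # ignore if that rule was never there
  ufw delete allow OpenSSH || true       # the application-profile form of the same rule
  ufw --force enable
}

apply_all() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root: sudo $0 apply" >&2; return 1; }
  write_configs ""
  # SELinux (RHEL family) must be told that sshd may bind the new port.
  if command -v semanage >/dev/null 2>&1; then
    semanage port -a -t ssh_port_t -p tcp "${SSH_PORT}" 2>/dev/null \
      || semanage port -m -t ssh_port_t -p tcp "${SSH_PORT}"
  fi
  # Ubuntu 22.10+ socket-activates sshd on port 22 regardless of Port; switch to the service.
  if systemctl is-enabled ssh.socket >/dev/null 2>&1; then
    systemctl disable --now ssh.socket
    systemctl enable ssh.service
  fi
  sshd -t                                # let sshd parse the result; a typo here locks you out
  systemctl restart sshd 2>/dev/null || systemctl restart ssh
  systemctl enable --now fail2ban
  apply_firewall
  # Show the values sshd actually loaded, first-match semantics included.
  sshd -T | grep -Ei '^(port|permitrootlogin|passwordauthentication|kbdinteractiveauthentication|allowusers) '
  echo "Keep this session open and test a NEW login on port ${SSH_PORT} before closing it."
}

main() {
  case "${1:-show}" in
    show)  render_sshd_dropin; echo; render_jail_local ;;
    stage) write_configs "${2:-./stage}"; echo "wrote files under ${2:-./stage}" ;;
    apply) apply_all ;;
    *)     echo "usage: $0 [show|stage DIR|apply]" >&2; return 2 ;;
  esac
}
main "$@"
```

The script deliberately renders the configuration as a separate drop-in instead of editing /etc/ssh/sshd_config in place: the file is easy to diff, easy to remove if something goes wrong, and its 00- prefix guarantees it is read before any cloud-init or packaging drop-in that would otherwise re-enable password logins. The final sshd -T line is the check worth keeping in your own runbook, because it prints what sshd resolved rather than what you think you wrote.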