
Block SSH Brute Force Attacks Using SSHGuard


SSHGuard is a fast, lightweight monitoring tool written in C. It monitors servers' log activity and protects them from brute force attacks. If someone repeatedly tries to access your server via SSH and makes many (maybe four) unsuccessful attempts, SSHGuard blocks them for a while by putting their IP address in iptables. It then releases the block automatically after some time.


Besides SSH, it protects almost all services, such as sendmail, exim, dovecot, vsftpd, proftpd and many more. For more information, refer to the official website.

Install SSHGuard

On Ubuntu/Debian:

On CentOS/RHEL:

If you are using a different architecture, download the corresponding RPM here.

Configure SSHGuard with Iptables/Netfilter

SSHGuard doesn’t have a configuration file. All you have to do is create a new chain for SSHGuard in iptables, into which it inserts its blocking rules.

For IPv4 support:

For IPv6:

Now update the INPUT chain to pass traffic to the sshguard chain. Use the --dport option to specify the ports of all services protected by sshguard. If you want to prevent attackers from sending any traffic to the host, remove the option completely.

Block all traffic from abusers

For IPv4 support:

For IPv6 support:

Block particular services such as SSH, FTP, POP, IMAP from abusers

For IPv4 support:

For IPv6 support:

Finally, save the iptables rules.

Verify that you do NOT have a default allow rule passing all ssh traffic higher in the chain. Verify that you do NOT have a default deny rule blocking all ssh traffic in your firewall. In either case, you already have the skill to adjust your firewall setup.
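One way to run the first of these checks, as an added example that is not part of the original tutorial: the function reads `iptables -S INPUT` output and reports whether an ACCEPT rule that passes SSH sits above the jump to the blocking chain. The chain name `sshguard`, port 22 and the sample rulesets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rule order in `iptables -S INPUT` output.
# Assumptions: the blocking chain is named "sshguard" and SSH listens on port 22.
# Live use: iptables -S INPUT | check_sshguard_order

check_sshguard_order() {
    # Reads rules on stdin and prints one verdict: ok | shadowed | missing
    awk -v chain="${1:-sshguard}" -v port="${2:-22}" '
        $1 != "-A" || $2 != "INPUT" { next }   # skip policy lines and other chains
        {
            target = ""; dport = ""; nmatch = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); i++ }
                else if ($i == "--dport") { dport = $(i + 1); i++; nmatch++ }
                else nmatch++
            }
        }
        # The jump to the blocking chain came first: later ACCEPT rules are fine.
        target == chain { seen = 1; exit }
        # An ACCEPT with no match conditions, or one for the SSH port, placed
        # above the jump lets blocked addresses through (multiport is not parsed).
        target == "ACCEPT" && (nmatch == 0 || dport == port) { shadow = 1; exit }
        END {
            if (shadow) print "shadowed"
            else if (seen) print "ok"
            else print "missing"
        }
    '
}

# Constructed sample rulesets in `iptables -S` format.
sample_good() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -j sshguard' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' \
        '-A INPUT -j DROP'
}
sample_bad() {
    printf '%s\n' '-P INPUT ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -j sshguard'
}

printf 'good ruleset: %s\n' "$(sample_good | check_sshguard_order)"
printf 'bad ruleset:  %s\n' "$(sample_bad | check_sshguard_order)"
```

A verdict of `shadowed` means the ACCEPT rule has to move below the jump; `missing` means the INPUT chain never hands traffic to the blocking chain.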

Here is a sample ruleset that makes sense:

Block whatever sshguard says is bad:

Enable ssh, dns, http, https:

Block everything else:

Configure SSHGuard without Iptables/Netfilter

If you do not use iptables, the following commands will create and save an iptables configuration that does absolutely nothing except allow sshguard to work:

Finally save the iptables configuration:

That’s it. Now you have installed and configured SSHGuard to protect your ssh, ftp and other services from brute force attackers.

 

Source:https://www.unixmen.com/block-ssh-brute-force-attacks-using-sshguard/
