SSH BRUTEFORCE ATTACK: How to defend against it effectively?
Hackers frequently target Linux servers and try to bruteforce the ssh daemon running on it. If the root password that you have set is weak , the hackers would quickly gain access to your Linux server and your machines could be part of wider bot network, launching ddos attacks , sniffing, and doing other nefarious activities without the system administrator knowing about it.
The best ways to defend are :
ssh bruteforce attack
- Disable password based authentication and use only Key based authentication which is the most effective method to beat bruteforce attacks.
- In case you have to enable password based authentication for some reason, do drop all ssh traffic to your server by default and Allow only the ips that you know would be accessing your server in ssh.
- Use the AllowUsers directive in the ssh configuration to only allow certain users or IP’s. In /etc/ssh/sshd_config, you can specify a list of allowed users like this:AllowUsers [email protected] [email protected] This will allow only the user rick to ssh from the ip 220.127.116.11 and the user root can ssh only from 18.104.22.168
- Set super strong password that are more than 10 characters long. Ezeelogin ssh jumphosts password management feature would help you set 30 character long complex passwords.
- Frequently reset the passwords once a day. The password management feature in Ezeelogin ssh gateway would do that automatically for you at the click of a button.