Table of Contents
SSH brute force attacks are automated attempts to gain server access by guessing login credentials. Because SSH is exposed to the internet on most VPS servers, securing it is critical. This guide explains the most effective steps to protect SSH from brute force attacks.
Step 1: Use Strong Passwords
Weak passwords make brute force attacks successful. Always use long and complex passwords. Strong passwords reduce the chance of unauthorized access.
passwd usernameStep 2: Enable SSH Key Authentication
SSH key authentication replaces password-based logins with cryptographic keys, making brute force attacks ineffective and significantly improving SSH security.
ssh-keygen -t rsa -b 4096
This command copies your SSH key to the server:
ssh-copy-id user@server_ip
Step 3: Disable Password Login
sudo nano /etc/ssh/sshd_config
This setting disables password-based SSH logins:
PasswordAuthentication no
Step 4: Change the Default SSH Port
Most attacks target port 22. Changing the port reduces bot traffic.This lowers exposure to automated scans.
sudo nano /etc/ssh/sshd_config
Port 2222
Step 5: Disable Root SSH Access
Root login increases security risks.Administrative access should be done via a normal user.
sudo nano /etc/ssh/sshd_config
Blocks direct root SSH login:
PermitRootLogin no
Step 6: Block Brute Force Attempts
Fail2Ban blocks IPs with repeated failed logins.This provides automatic real-time protection.
sudo apt install fail2ban -y
Starts and enables Fail2Ban:
sudo systemctl enable --now fail2ban
Step 7: Protect SSH with Firewall
Firewalls restrict which ports are accessible.Only required services remain open.
sudo ufw allow 2222/tcp
Activates the firewall:
sudo ufw enable
Step 8: Monitor SSH Logs
Monitoring login activity helps detect attacks early.Log monitoring improves response to threats.
sudo tail -f /var/log/auth.log
