Hackers commonly attack SSH ports with brute force attack methods to gain access and exploit system vulnerabilities. So you may need to block brute force attacks to your system. Here are some ways to stop/prevent SSH brute force attacks in Linux.
How to Stop/Prevent SSH Brute Force Attacks
Here are some of the common ways to block SSH brute force attacks.
1. Disable Root SSH Login
Typically, hackers try to access via root user of the system while making a brute force SSH attack. So it is useful to make root user inaccessible via SSH. You can do this by editing SSH configuration file, and making DenyUsers root and PermitRootLogin to no. Here is how to disable root login in SSH.
2. Modify Port Number
SSH typically runs on port 22 and hackers know this so they launch automated attacks on port 22. A simple way to thwart this is to simply run your SSH server on a different non-standard port. You can do this by editing the sshd_config file on your system.
3. Allow SSH login only from IP range
Update your firewall rules to allow access from only known IPs and IP address ranges to your system. If you restrict access to port 22 only from a limited range of IP addresses, then attackers will automatically be blocked out of your system.
This is useful especially if you work in an office environment which has a fixed range of IP addresses to work from. You may also use static IP range for this purpose, or configure VPN for it.
4. Setup 2-factor authentication
You may also setup a two-factor authentication (2FA) which is a great way to reduce brute force attacks. In 2FA, the user needs to enter a passcode they receive via SMS or email, in addition to entering the SSH key/passphrase. So even if the attacker is able to guess your SSH passphrase, they will not be able to access your system unless they have access to your email/mobile. Here is how to enable 2FA in SSH.
In this article, we have looked at 4 different ways to block brute force attacks in Linux.