Preventing brute force attacks against ssh?

Solution 1:

I use fail2ban which will lock an IP out after several failed attempts for a configurable amount of time.

Combine this with password strength testing (using john (John the Ripper)) to ensure brute-force attacks will not succeed.

Solution 2:

Here's a good post on that subject by Rainer Wichmann.

It explains the pros and cons of these methods:

  • Strong passwords
  • RSA authentication
  • Using 'iptables' to block the attack
  • Using the sshd log to block attacks
  • Using tcp_wrappers to block attacks
  • Port knocking

Solution 3:

One small thing you can do is use something like DenyHosts:

http://denyhosts.sourceforge.net/

It uses the built-in hosts.allow/hosts.deny to block out SSH abusers.


Solution 4:

  • Change the port used (as Trent mentioned)
  • Require encryption keys instead of passwords. http://novosial.org/openssh/publickey-auth/
  • Blacklist attacker IPs
  • Whitelist known users to prevent accidental blacklisting. (as Samiuela mentioned)
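
The log-based blocking described in Solutions 1 and 2, combined with the whitelist from Solution 4, can be sketched as follows. This is an added example, not code from fail2ban, DenyHosts or any of the answers; the function name, the `max_retry`/`find_time` parameters, the `year` default and the sample log lines are assumptions made for illustration, and the regex assumes the usual OpenSSH syslog message format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines in the usual OpenSSH syslog format (not real logs).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Mar  3 10:00:05 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Mar  3 10:00:09 host sshd[103]: Failed password for root from 203.0.113.7 port 4003 ssh2
Mar  3 10:00:10 host sshd[104]: Failed password for alice from 198.51.100.20 port 5001 ssh2
Mar  3 10:00:12 host sshd[105]: Failed password for alice from 198.51.100.20 port 5002 ssh2
Mar  3 10:00:14 host sshd[106]: Failed password for alice from 198.51.100.20 port 5003 ssh2
Mar  3 10:01:00 host sshd[107]: Accepted publickey for bob from 192.0.2.9 port 6001 ssh2
Mar  3 10:05:00 host sshd[108]: Failed password for root from 192.0.2.44 port 7001 ssh2
Mar  3 10:30:00 host sshd[109]: Failed password for root from 192.0.2.44 port 7002 ssh2
Mar  3 11:10:00 host sshd[110]: Failed password for root from 192.0.2.44 port 7003 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def ips_to_block(log_text, max_retry=3, find_time=600, whitelist=(), year=2024):
    """Return IPs with >= max_retry failures inside find_time seconds."""
    allowed = [ip_network(n) for n in whitelist]
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied (assumption)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ip_address(m.group(2))
        except ValueError:        # hostname or junk instead of an address
            continue
        if any(ip in net for net in allowed):
            continue              # never block whitelisted sources
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=find_time):
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry and str(ip) not in blocked:
            blocked.append(str(ip))
    return blocked

if __name__ == "__main__":
    print(ips_to_block(SAMPLE_LOG, whitelist=["198.51.100.0/24"]))
```

Slow attempts spread over a longer period than `find_time` (as with 192.0.2.44 in the sample) stay under the threshold, which is why the answers pair blocking with strong passwords or key-only authentication.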

Solution 5:

One of the easiest ways to avoid these attacks is to change the port that sshd listens on