Saturday, May 18, 2024
Asked Saturday, December 10, 2022, 11:05:36 / answers: 1 / hits: 3318

I use Ubuntu 16.04 and seek to harden my SSH authentication in a special manner.



The current situation:



I have a machine with a minimal Ubuntu server that I use mainly to transfer files to, via its local OpenSSH server. Now, I don't have a firewall on that machine for a few reasons, and I also avoid using a key pair, hence I use only a password. One of the only ways I have left to defend against brute force attacks, and the one I most desire at the moment, is using a mechanism that blocks a user for X amount of hours after Y amount of connection tries.



The desired situation:



I wish to have a standalone mechanism (that is, not as part of a firewall) that blocks a user for X amount of hours after Y amount of connection tries, as a way to defend against brute force attacks.



My Question:



Do you know a utility (and specific configuration) that will let me achieve the desired situation?



 Answers

You can do this with Fail2ban:



sudo apt-get install fail2ban


Then:



sudo vim /etc/fail2ban/jail.conf


Edit bantime to set your desired ban time.



Edit maxretry to set the maximum number of failed attempts.



As mentioned in other comments, fail2ban requires iptables.






Separate option -- port knocking:



This requires only iptables and practically 0 memory, and will effectively hide your service from port scans.



Not directly answering your question, but maybe you can implement port knocking to hide your service availability instead of banning repeated attempts.



A quick Google search reveals this:
https://www.digitalocean.com/community/tutorials/how-to-configure-port-knocking-using-only-iptables-on-an-ubuntu-vps



You do require iptables though.



P.S.: I know security through obscurity is no security at all, but together with other practices it can help make you a more difficult target.


[#11595] Monday, December 12, 2022
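How the bantime and maxretry settings from the answer interact, as an added example that is not part of the original answer and is not Fail2ban's own code. It is a simplified model run over constructed sshd log lines; findtime is a real Fail2ban setting not mentioned above, and the function and variable names are assumptions made for this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the format sshd writes to /var/log/auth.log.
SAMPLE_LOG = """\
Dec 10 11:00:01 srv sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Dec 10 11:00:09 srv sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Dec 10 11:00:20 srv sshd[1003]: Failed password for alice from 198.51.100.7 port 50100 ssh2
Dec 10 11:00:31 srv sshd[1004]: Failed password for root from 203.0.113.5 port 40003 ssh2
Dec 10 11:05:00 srv sshd[1005]: Failed password for root from 203.0.113.5 port 40004 ssh2
Dec 10 11:30:00 srv sshd[1006]: Failed password for alice from 198.51.100.7 port 50101 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(log, maxretry, findtime, bantime, year=2022):
    """Return (ip, ban_start, ban_end) tuples, one per ban that would be issued."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # source IP -> failure times inside the window
    banned_until = {}
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)           # keyed by source address, not by user name
        if banned_until.get(ip, datetime.min) > ts:
            continue              # a banned address would not reach sshd
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG, maxretry=3, findtime=600, bantime=4 * 3600):
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

The failures are counted per source address, so attempts against different user names from one address add up, while the same user name tried from many addresses does not trigger a ban.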
moloy
