Brute-force attacks represent one of the most common threats to Linux servers. These attacks involve repeated attempts to log in using various combinations of usernames and passwords in order to gain unauthorized access. The following measures can significantly enhance server security against these attacks.
Use of Strong Passwords
The foundation of protection lies in using strong passwords. It is recommended to create passwords that are sufficiently long (at least 12 characters) and include a combination of uppercase and lowercase letters, numbers, and special characters. Tools such as pwgen
or apg
can be used for password management.
Changing the Default SSH Port
The standard port for SSH is 22. By changing this port to a less common one, the risk of automatically generated brute-force attacks is reduced. Port modification is done in the /etc/ssh/sshd_config
file, where the Port
directive needs to be adjusted.
Using Public Key Authentication
Authentication using keys is a more secure alternative to traditional password authentication. The public key is stored on the server, while the private key is kept securely by the user. Authentication occurs without the need to enter a password, significantly complicating brute-force attacks.
Limiting Login Attempts
Tools like fail2ban
or DenyHosts
monitor logs for unsuccessful login attempts and temporarily block further attempts from a specific IP address after reaching a certain threshold of failures. This effectively minimizes the risk of a successful brute-force attack.
Disabling SSH Root Login
Logging in as root directly via SSH should be disabled. This setting can be changed in the /etc/ssh/sshd_config
file by modifying the PermitRootLogin
directive to no
. Administrative tasks should be performed through a user with lesser privileges, who can obtain temporary administrative rights using the sudo
command.
Implementing a Firewall and Intrusion Detection System (IDS)
A firewall can restrict access to the SSH port only from trusted IP addresses. An IDS, such as Snort
, can detect and respond to suspicious activities, including brute-force attack attempts.
Securing a Linux server against brute-force attacks requires a comprehensive approach and regular maintenance. By implementing the above measures, you can significantly reduce the risk of compromising your server through these methods.