How to Protect Your Server from Notty Logins using Fail2Ban

sibipaul

Well-Known Member
#1
Hi All,

Every time I log in to my SSH, I see too many failed login attempts...

I was very conscious about the security of my server.

I won't allow any brute-force attackers to steal my password.

As a learner and practitioner, I did not have enough knowledge of Linux or CentOS.

I was just trying online forums like this one.

Finally, I found a solution to get rid of those attacks.

The original post that helped me is here - https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7

But I feel that it is a little too complicated for a beginner.

So I just simplified it.

First of all, you have to log in to your SSH as root.

You can run this command to log in as root (if not already logged in as root):

Code:
sudo su -

After logging in as root, run these commands one by one.

1 -
Code:
yum install epel-release

You will be prompted to continue; press y, followed by Enter.

2 -
Code:
yum install fail2ban

Again, press y and Enter when prompted to continue.

3 -
Code:
systemctl enable fail2ban

4 -
Code:
nano /etc/fail2ban/jail.local

Now copy the text below and paste it into your SSH screen:

Code:
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

Press Ctrl-X to exit, y to save, and Enter to confirm.

5 -
Code:
systemctl restart fail2ban

Now you can test the status.

6 -
Code:
fail2ban-client status

If the output looks like this:

Code:
Status
|- Number of jail:      1
`- Jail list:   sshd

then everything is OK.

Also, run this command to get more info:

7 -
Code:
fail2ban-client status sshd

These are the simple methods I used to secure my server using Fail2Ban.

In the above link, you can find more options. I just simplified it.

NB: I learn many new things from this community, so I love to contribute back to this community whatever I can...
 

sibipaul

Well-Known Member
#2
Replace this code:


Code:
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

with this code:

Code:
[DEFAULT]
# Never ban localhost:
ignoreip = 127.0.0.1/8 ::1
# Ban hosts for 10 minutes:
bantime  = 10m
# Ban after 5 failures within 10 minutes:
findtime = 10m
maxretry = 5

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

You can change the values as per your requirements...
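
The `ignoreip`, `bantime`, `findtime` and `maxretry` values from post #2, modelled as an added example (not part of the original posts and not fail2ban's own code): a short Python simulation over constructed sshd log lines showing which hosts the jail would ban. The log regex, the `simulate`, `is_ignored` and `fail` helpers, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

IGNOREIP = ["127.0.0.1/8", "::1"]    # these four values come from post #2
BANTIME = FINDTIME = timedelta(minutes=10)
MAXRETRY = 5
# Simplified failure pattern (assumption; not fail2ban's shipped sshd filter).
FAIL_RE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password "
                     r"for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def is_ignored(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in IGNOREIP)

def simulate(lines, year=2024):
    """Return [(ban_time, ip, unban_time)] for chronologically ordered log lines."""
    recent = defaultdict(deque)      # ip -> failure timestamps still inside findtime
    banned_until, bans = {}, []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m or is_ignored(m["ip"]):
            continue
        ip = m["ip"]
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ip in banned_until and ts < banned_until[ip]:
            continue                 # still banned; the firewall rule would drop this host
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()         # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ts, ip, ts + BANTIME))
            window.clear()
    return bans

def fail(hms, ip, user="root"):      # builds one constructed sshd log line
    return f"Jan 15 {hms} host1 sshd[1234]: Failed password for {user} from {ip} port 50022 ssh2"
SAMPLE_LOG = (                       # constructed data, documentation-range addresses
    [fail(f"10:00:0{i}", "203.0.113.7", "invalid user admin") for i in range(1, 6)]
    + [fail(f"10:00:1{i}", "127.0.0.1") for i in range(6)]        # covered by ignoreip
    + [fail(f"10:{mm}:30", "198.51.100.9") for mm in ("01", "02", "03", "04", "13")]
)

if __name__ == "__main__":
    for when, ip, until in simulate(SAMPLE_LOG):
        print(f"{when:%H:%M:%S} ban {ip} until {until:%H:%M:%S}")
```

The slow guesser at 198.51.100.9 is never banned because its fifth failure lands outside `findtime`; lowering `maxretry` or raising `findtime` in jail.local closes that gap.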
 

serpent_driver

Well-Known Member
#3
@sibipaul

Thank you for your explanation, but there is a much easier way to protect against unallowed SSH access.

First of all, and the most important thing to do: change the standard SSH port. This reduces the rate of login tries by up to 90%.

If you have cPanel, use cPHulk and ConfigServer Security & Firewall. Both tools have a GUI, need (almost) no configuration, are highly user-friendly, and need no SSH access to manage them.
 

sibipaul

Well-Known Member
#4
Can you share your valuable info on changing the SSH port?

I use LiteSpeed + CyberPanel.

Somewhere I read about creating a new user and giving it sudo permission, then disabling the root user, which will also secure the server...

Please share if you have valuable info about this...
 

winkybil

Active Member
#6
I find nonstandard ports (where you can) avoid a lot of rubbish filling logs. Obviously privileged ports under 1024 if you have users who could impersonate sshd on the inside etc.
Fail2ban, SSH keys only, disable remote root, consider sudo, consider nonstandard ports, auditd, lock down sshd for no port forwarding if you don't need it. If you're very paranoid you can enable port knocking. Also Tripwire or AIDE or equivalent intrusion detection should the worst happen. Consider the different ciphers available for SSH and possibly some two-factor authentication additionally via a YubiKey or something like that.




