Member-only story
How to Automatically Lock Out SSH Brute-Force Attacks on Ubuntu and Red Hat
--
Share
Intro:
If your Linux server is exposed to the internet, it’s being scanned. SSH brute-force attempts are among the most common — attackers trying thousands of usernames and passwords in seconds. You might not see it… until it works.
In this blog, I’ll show you how to detect, throttle, and block brute-force SSH attacks using real-time tools built into Ubuntu and Red Hat-based systems.
1. Check If You’re Already Under Attack
Use this command to see recent failed SSH logins:
# Ubuntusudo grep "Failed password" /var/log/auth.log
# Red Hatsudo grep "Failed password" /var/log/secure
Look for:
- Multiple failures from the same IP
- Login attempts to non-existent users
2. Enable Rate Limiting with Fail2Ban
✅ Install Fail2Ban:
# Ubuntusudo apt install fail2ban
# Red Hatsudo yum install epel-releasesudo yum install fail2ban
✅ Enable SSH protection:
Edit the jail config:
sudo nano…
Top comments (0)