Mastering Linux
On a server, especially one directly exposed to the Internet such as a web server, it is very common to receive thousands of authentication attempts. If you check your /var/log/auth.log file, you will see this for yourself.
Those attempts are based on silly dictionary attacks, which (unfortunately) work in some percentage of cases. Are you sure that your password and the passwords of all the users on your system are strong enough to survive such an attack? This is why using SSH keys is a better alternative than the user/password approach for authentication.
This challenge covers some options to minimize those issues:
The idea behind Fail2ban is very simple: temporarily or permanently ban an IP that performed multiple undesired actions, such as unsuccessful authentication, access to a restricted area, etc. Originally it was developed to catch illegal SSH login attempts, but it later grew into an easily customizable toolkit for reacting quickly to events (such as detected failed login attempts) recorded in the log files.
Changing the default SSH port reduces the number of such attacks, so for this exercise let's change it from 22 to 2222. Remember to open port 2222 on your NSG.