
SSH Hardening: How to Secure Your Server Against Brute Force Attacks
If your server is publicly accessible, it's being attacked right now. SSH brute force is constant and automated. Here's how to lock it down.

Check If You're Being Attacked

    # See failed SSH login attempts
    sudo journalctl -u sshd | grep "Failed password" | tail -20

    # Or
    sudo grep "Failed password" /var/log/auth.log | tail -20

    # Count failed attempts by IP
    sudo grep "Failed password" /var/log/auth.log | awk '{print $(NF-3)}' | sort | uniq -c | sort -rn | head -10

You'll probably see hundreds or thousands of failed attempts from random IPs. This is normal. Let's stop them from succeeding.

Step 1: Disable Password Authentication

    sudo nano /etc/ssh/sshd_config

Set these:

    PasswordAuthentication no
    PermitRootLogin no
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    MaxAuthTries 3
    LoginGraceTime 30

    sudo systemctl restart sshd

Before doing this, make sure your SSH key is added to ~/.ssh/authorized_keys on the se
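
A check to run after editing the Step 1 settings and before the restart, added here as an example and not part of the original article: it reads the effective configuration that `sshd -T` prints and compares it with the Step 1 values, so a setting overridden in another file is caught. The function name `check_sshd_hardening` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare sshd's effective settings with the Step 1 values.
# Input is `sshd -T` style output (lowercase "keyword value" lines) on stdin.

# Step 1 values from the article, written the way `sshd -T` prints them.
EXPECTED="passwordauthentication=no permitrootlogin=no pubkeyauthentication=yes maxauthtries=3 logingracetime=30"

# Prints OK/FAIL/MISSING per setting; returns 0 only if all of them match.
check_sshd_hardening() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        # Keep the first value seen per keyword, as sshd does.
        { key = tolower($1) }
        (key in want) && !(key in got) { got[key] = tolower($2) }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in got)) {
                    printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
                } else if (got[k] != want[k]) {
                    printf "FAIL %s = %s (want %s)\n", k, got[k], want[k]; bad = 1
                } else {
                    printf "OK %s = %s\n", k, got[k]
                }
            }
            exit bad
        }'
}

# Constructed sample: password logins are still enabled in the effective config.
SAMPLE_EFFECTIVE='port 22
passwordauthentication yes
permitrootlogin no
pubkeyauthentication yes
maxauthtries 3
logingracetime 30'

printf '%s\n' "$SAMPLE_EFFECTIVE" | check_sshd_hardening \
    || echo "settings differ from Step 1: fix before restarting sshd"

# Real use (assumes root): sshd -T | check_sshd_hardening && systemctl restart sshd
```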
Continue reading on Dev.to DevOps

