How to ban IPs trying to login as root with ssh

ssh linux

Solution 1:

I setup two different Fail2Ban rules:

  1. If they try an invalid username they get banned on the first try, permanently. I don't have many people getting in that way and none of them have ever got banned that way; but it may be a support issue if you've got lots of people signing in. Root isn't a valid ssh login on my systems.

    I'm on a FreeBSD system, so you might have to modify this rule a touch. Create a ssh-invaliduser.local file in the filter.d directory:

    failregex = ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$

    Set the options for this rule as usual in the jail.local file.

  2. The second rule locks out attempts that have got the password wrong 10 times for 10 minutes. Nobody's going to break in at 1 password per minute average speed.

Related

postfix check warm me that some file differ
Zipping folder with absolute path without keeping tree of folders
Should one use "From", "Reply-To" or both headers to reflect their client's email address when sending an email to yourself from a "Contact Us" page?
HylaFax - Get status of a job
Security in shared hosting vs VPS 'virtual appliances'
Impact of MTU on IP packet fragmentation and reassembly
Save changes to iptables
tar gzip slowing down server
How can I force all internet traffic over a PPTP VPN but still allow local lan access?
Slapd service won't start, unable to open pid file
How to redirect ports for on a virtual interface?
Glob Not Match?