How to secure SSH from attacks

Fail2ban

People using VPS or dedicated hosting services to host their websites and apps often face issues with server security.

It becomes more difficult when someone without a technical or system administration background is managing the server for his/her website, app or company.

So here we make the task of handling SSH login attacks simpler by using fail2ban on your CentOS 7 server.

Here I give a step-by-step guide on how to install fail2ban on CentOS 7 to secure SSH access to your VPS or dedicated hosting.

Before we start

To install fail2ban on a CentOS server we need the EPEL (Extra Packages for Enterprise Linux) repository, so we will install EPEL first. EPEL contains the extra packages for CentOS.

To install EPEL, run the following command:

yum install epel-release -y

After installing the EPEL repository, we can install fail2ban directly from yum.

Step 1. Install Fail2ban via yum

yum install fail2ban

Step 2. Configure the Fail2ban configuration file

Make a copy of the jail.conf file and save it with the name jail.local

cp -pf /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Open the jail.local file for editing in vim/vi with the following command (or use an editor of your choice, such as nano).

vi /etc/fail2ban/jail.local

Or

nano /etc/fail2ban/jail.local

Here are the default values from the jail.conf file; you can customise the settings according to your preferences.

[DEFAULT]
#
# MISCELLANEOUS OPTIONS
#

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

Add a jail file to protect the SSH and FTP (vsftpd) server. The file shown here contains the sshd jail.

vi /etc/fail2ban/jail.d/sshd.local

[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
maxretry = 5
bantime = 86400
Start the fail2ban service

If you are not running a firewall yet, enable and start firewalld first, then enable and start fail2ban.

systemctl enable firewalld
systemctl start firewalld
systemctl enable fail2ban
systemctl start fail2ban
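
To see what maxretry = 5 and findtime = 600 mean in practice, the added example below (not part of the original guide and not fail2ban's own code) replays constructed sshd log lines through the same rule and prints the addresses that would be banned. The function names, the sample log and the same-month timestamp arithmetic are assumptions of the example.

```shell
#!/bin/sh
# Added example, not fail2ban code: replay constructed sshd log lines
# through the maxretry/findtime rule from the configuration above.
MAXRETRY=5     # from the [sshd] jail
FINDTIME=600   # seconds, from [DEFAULT]

# Constructed /var/log/secure-style sample (documentation IP ranges).
sample_log() {
cat <<'EOF'
Mar 10 12:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 10 12:00:03 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 10 12:00:05 web1 sshd[2104]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Mar 10 12:00:09 web1 sshd[2106]: Failed password for root from 203.0.113.5 port 40120 ssh2
Mar 10 12:00:30 web1 sshd[2110]: Accepted password for deploy from 192.0.2.9 port 50022 ssh2
Mar 10 12:01:10 web1 sshd[2113]: Failed password for root from 203.0.113.5 port 40131 ssh2
Mar 10 12:01:40 web1 sshd[2117]: Failed password for root from 203.0.113.5 port 40140 ssh2
Mar 10 12:05:00 web1 sshd[2120]: Failed password for invalid user admin from 198.51.100.7 port 51530 ssh2
Mar 10 12:09:00 web1 sshd[2125]: Failed password for invalid user test from 198.51.100.7 port 51544 ssh2
Mar 10 12:14:00 web1 sshd[2131]: Failed password for invalid user test from 198.51.100.7 port 51560 ssh2
Mar 10 12:20:00 web1 sshd[2140]: Failed password for invalid user oracle from 198.51.100.7 port 51571 ssh2
EOF
}

# Read log lines on stdin; print each IP once it reaches MAXRETRY
# failures inside a sliding FINDTIME window.
would_ban() {
  awk -v maxretry="$MAXRETRY" -v findtime="$FINDTIME" '
  /sshd\[[0-9]+\]: Failed password/ {
    # Simplification: day-of-month plus HH:MM:SS, so one month only.
    split($3, t, ":")
    now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
    # The address follows the last "from" (usernames are untrusted text).
    ip = ""
    for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
    if (ip == "" || banned[ip]) next
    n[ip]++
    times[ip, n[ip]] = now
    # Count only the failures that are still inside the window.
    hits = 0
    for (j = 1; j <= n[ip]; j++) if (now - times[ip, j] <= findtime) hits++
    if (hits >= maxretry) { banned[ip] = 1; print ip }
  }'
}

sample_log | would_ban
```

With the values above only 203.0.113.5 is reported: 198.51.100.7 also fails five times, but spreads the attempts over twenty minutes, so no 600-second window ever holds five of them.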
