Protect your server from SSH attack

Today I found that an IP in Turkey keeps trying to log in to my server, and that my current settings have no protection against this brute-force login, so I did a Google search on this and would like to share it with you guys.

To check if your server is currently being attacked via SSH, use this command:

> tcpdump port ssh
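tcpdump shows that something is talking to the SSH port, but not whether those connections are failed logins. The following added example (not from the original post) counts failed password attempts per source address in sshd log lines; the function names, the sample lines and the /var/log/secure path are assumptions of the example.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per source address.
# Reads sshd log lines on stdin and prints "<count> <ip>" for every source
# with at least $1 failures (default 3), busiest source first.
ssh_failed_by_ip() {
    threshold="${1:-3}"
    awk -v min="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The address is the field between "from" and "port". Scan from
            # the right so a user name of "from" cannot be mistaken for it.
            for (i = NF - 2; i > 1; i--) {
                if ($i == "from" && $(i + 2) == "port") {
                    hits[$(i + 1)]++
                    break
                }
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines in the usual sshd syslog format. The addresses are
# from the documentation ranges; none of this is real log data.
sample_log() {
cat <<'EOF'
Mar  3 04:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 04:12:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 04:12:06 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 04:12:09 web1 sshd[2107]: Failed password for invalid user from from 203.0.113.7 port 51237 ssh2
Mar  3 04:13:10 web1 sshd[2110]: Failed password for root from 192.0.2.55 port 40110 ssh2
Mar  3 04:13:12 web1 sshd[2110]: Failed password for root from 192.0.2.55 port 40110 ssh2
Mar  3 04:13:15 web1 sshd[2113]: Failed password for invalid user test from 192.0.2.55 port 40112 ssh2
Mar  3 09:30:41 web1 sshd[2950]: Failed password for root from 198.51.100.20 port 40000 ssh2
Mar  3 09:30:47 web1 sshd[2950]: Accepted password for root from 198.51.100.20 port 40000 ssh2
EOF
}

# On a real host, feed it the sshd log instead (assumed here to be the usual
# CentOS location):  ssh_failed_by_ip 5 < /var/log/secure
sample_log | ssh_failed_by_ip 3
```

The single failure from 198.51.100.20 is followed by a successful login and stays under the threshold, so an ordinary mistyped password is not reported alongside the repeated failures.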

sshd config

In CentOS, the sshd config is located at /etc/ssh/sshd_config. I have uncommented the following lines:

You can also limit root access, allow only certain IPs to access SSH, etc. However, I’m on an ISP with a dynamic IP and I’m used to root SSH access, so I only use these settings.

IPTables protection

Relying only on sshd_config is not enough: the attacking host still keeps sending login requests and could possibly paralyse the network traffic of the Linux box. I need to find a way to