While there is no specific official book or document titled “The Complete Step-by-Step Guide to BlockSSHacking on Ubuntu,” this phrasing generally refers to the collective industry-standard practices used to protect, harden, and block brute-force SSH attacks on an Ubuntu server. Malicious bots constantly scan internet-facing servers on port 22 trying to guess login credentials.
Stopping these automated SSH hacking attempts relies on a multi-layered security strategy broken down below. 1. Ban Attackers Automatically with Fail2Ban
Fail2Ban is the most critical tool for stopping automated SSH hacking. It monitors server log files for repeated failed login attempts and dynamically updates the firewall to ban the attacker’s IP address. Installation: sudo apt update && sudo apt install fail2ban -y Use code with caution.
Configuration: Copy the default setup to create a local override file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo systemctl start fail2ban sudo systemctl enable fail2ban Use code with caution.
By default, this will automatically ban any IP address that fails 5 consecutive login attempts for a duration of 10 minutes. 2. Disable Password Authentication Entirely
Hackers cannot guess a password if the server refuses to accept them. Cryptographic SSH Key Pairs are vastly more secure and completely immune to brute-force text dictionary attacks.
Generate an SSH key on your local computer (ssh-keygen) and push it to your server using ssh-copy-id user@your_server_ip. Open the configuration file on the Ubuntu server: sudo nano /etc/ssh/sshd_config Use code with caution.
Find and change the following lines to disable password entry:
PasswordAuthentication no ChallengeResponseAuthentication no Use code with caution. Save the file and restart the service: sudo systemctl restart sshd Use code with caution. 3. Block Root Logins
The user root exists on every Linux system by default, making it the primary target for every automated hacking script. Force attackers to guess both a unique username and a password/key by disabling root access: Open /etc/ssh/sshd_config. Edit the root login line: PermitRootLogin no Use code with caution. Restart the daemon: sudo systemctl restart sshd. 4. Move SSH Off Default Port 22
While changing the port is only “security through obscurity,” changing your port away from Port 22 stops 99% of basic automated script scans. Open /etc/ssh/sshd_config.
Find #Port 22 and change it to a random number between 1024 and 65535 (e.g., Port 2222 or Port 5823).
Ensure your firewall permits the new port before restarting SSH, then run sudo systemctl restart sshd. 5. Restrict Traffic with UFW (Uncomplicated Firewall) Linux System Hardening: Top 10 Security Tips – TuxCare
Leave a Reply