Protect your Linux SSH Login

You may have noticed many failed login attempts in the /var/log/auth.log file on your Linux server. These attempts are usually brute-force attacks trying to gain access to your server. Brute force simply means trying different username and password combinations until one of them works.

How can I protect my server against these attacks?

First of all, it's important that you use a secure password (which matters for every online login). Secure in this case means long and complex.

Additionally, the utility fail2ban is one of the best ways to protect your SSH login. It can be installed on all kinds of Linux distros. The main task of the program is to ban IP addresses for a duration of y minutes once they have failed the login x times. Here x stands for a defined number of failed attempts and y for a number of minutes.

To install the tool, you can use one of the following commands:

Ubuntu/Debian based

apt-get install fail2ban

CentOS

yum install fail2ban

Now the utility is already working. In the file /etc/fail2ban/jail.conf we can configure the ban time and the number of failed attempts.

# "bantime" is the number of seconds that a host is banned.
bantime  = 120m
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 1440m
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
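
To see how maxretry, findtime and bantime interact, the following sketch replays the rule over a few constructed auth.log lines. It is an added example, not fail2ban's own code or part of the original post. The find_bans helper, the host name web1, the users, the IP addresses and the assumed year are made up for illustration, and the log format is the usual OpenSSH "Failed password" line.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds taken from the jail configuration above.
MAXRETRY = 5
FINDTIME = timedelta(minutes=1440)
BANTIME = timedelta(minutes=120)

# Usual OpenSSH failure line in /var/log/auth.log (timestamp, then source IP).
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(lines, year=2024):
    """Simplified model of the rule: return [(ip, ban_start, ban_end)]."""
    failures = defaultdict(deque)  # ip -> failure times inside findtime
    banned_until = {}              # ip -> end of the current ban
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other messages are ignored
        # syslog timestamps carry no year, so one is assumed (hypothetical)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue  # host is still banned, nothing to count
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

# Constructed sample log (documentation IP ranges, hypothetical host "web1").
_fail = "{} web1 sshd[1234]: Failed password for {} from {} port 40022 ssh2".format
SAMPLE_LOG = (
    [_fail("Mar  2 01:00:00", "root", "192.0.2.50")]  # too old: outside findtime
    + [_fail(f"Mar  4 02:00:0{i}", "root", "192.0.2.50") for i in range(4)]
    + [_fail(f"Mar  4 02:10:0{i}", "invalid user admin", "203.0.113.7") for i in range(6)]
    + ["Mar  4 02:30:00 web1 sshd[1300]: Accepted password for alice from 198.51.100.23 port 50111 ssh2"])

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"{ip} banned from {start} until {end}")
```

Only 203.0.113.7 is banned here: 192.0.2.50 also has five failures in total, but the first one is more than 1440 minutes older than the rest and no longer counts. On a real server, fail2ban-client status sshd lists the addresses currently banned by the sshd jail (the jail name may differ on older installations).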