Brute-force SSH protection
To protect your server from brute-force SSH connection attempts, you can install fail2ban
.
This program will monitor incoming connections and block IP addresses that try to log in with faulty credentials repeatedly.
/etc/fail2ban/jail.d/ssh.local
If you're using a non-standard SSH port that isn't 22
then you will need to change that in the cofig file above.
You can change the maxretry
setting, which is the number of attempts it will allow before locking the offending address out.
Save the file and restart the service.
Congratulations! You've successfully improved the security of your node 🥳
Last updated