Ubuntu 12 - Prevent Brute Force SSH with UFW

If you can't be bothered to change your ssh port (because you'll never remember the new one) and you don't want to restrict ssh access to a fixed list of IPs you know, you should at least set your firewall up to rate-limit hosts that open more than a few connections to port 22 in a short period. This stops a single machine from hammering your box with thousands of login attempts a minute, because every guess that needs a fresh connection gets throttled.

Instructions

1. Install ufw if you haven't already:
   sudo apt-get install ufw

2. Open a terminal and enter:
   sudo ufw default deny
   sudo ufw limit 22
   (sudo ufw limit 22/tcp restricts the rule to TCP, which is all ssh uses.)

3. Start the firewall if it isn't already running:
   sudo ufw enable

After running the commands in step 2, I checked the configuration file for ufw at /usr/share/ufw/usr.rules (on current Ubuntu releases the generated rules are in /etc/ufw/user.rules, and sudo iptables -S ufw-user-input shows the live ones).

The limit rule uses the iptables recent module: a source address that opens 6 or more new connections to port 22 within 30 seconds gets rejected (man ufw documents these values). Note that it counts TCP connections, not failed logins, and the 6-in-30-seconds threshold is built into ufw rather than being an option you can set on the command line; if you want something like 10 a minute you would have to write your own iptables rule using the recent module's --seconds and --hitcount parameters.

I tested the limiting myself and it definitely works. If you want to test it yourself, don't do it by ssh'ing into your own machine: that goes over the loopback interface, which ufw allows outright and does not limit. Test from an external machine instead, opening several connections in quick succession.

Also, this does not permanently ban you: once 30 seconds have passed without a new connection from your address you can try again, so if you genuinely forgot your password and it's one of ten candidates you will eventually get back into your system, while the rate is far too slow for a brute force attack to feasibly crack your password. Bear in mind that the limit is per connection, not per password guess: sshd allows several guesses on one connection (MaxAuthTries, default 6), so pair this with sshd settings such as PasswordAuthentication no, and it does nothing against an attacker who spreads attempts across many source addresses.
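Pulling the three steps together with a way to inspect the rule and to test it from another machine, here is an added bash script; it is not from the original post. It assumes bash, awk and the coreutils timeout command. The SAMPLE_RULES text is constructed to mirror the lines ufw generates for ufw limit 22, and the function names are my own.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Three helpers:
#   apply  - run the post's steps (needs root)
#   check  - read the limit window/threshold out of iptables rule text
#   probe  - from an EXTERNAL host, open connections until the limit trips
set -u

# Steps 1-3 of the post in one place. Run as root. Limits 22/tcp, since
# ssh never uses UDP.
setup_ufw_ssh_limit() {
  local port="${1:-22}"
  apt-get install -y ufw
  ufw default deny incoming
  ufw limit "${port}/tcp"
  ufw --force enable          # --force skips the "may disrupt ssh" prompt
}

# Read iptables rule text on stdin (e.g. "sudo iptables -S ufw-user-input")
# and print "SECONDS HITCOUNT" from the first recent-module limit rule.
# Exit status 1 if no limit rule is present.
limit_params() {
  awk '
    /-m recent --update/ {
      for (i = 1; i <= NF; i++) {
        if ($i == "--seconds")  s = $(i + 1)
        if ($i == "--hitcount") h = $(i + 1)
      }
      if (s != "" && h != "") { print s, h; found = 1; exit }
    }
    END { exit (found ? 0 : 1) }
  '
}

# Constructed sample of what "iptables -S ufw-user-input" shows after
# "ufw limit 22". The 30 s / 6 hit values are ufw's built-in ones.
SAMPLE_RULES='-N ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource
-A ufw-user-input -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name DEFAULT --mask 255.255.255.255 --rsource -j ufw-user-limit
-A ufw-user-input -p tcp -m tcp --dport 22 -j ufw-user-limit-accept'

# Open COUNT TCP connections to HOST:PORT back to back (bash /dev/tcp, no
# ssh client needed) and report how many were accepted. Run this from a
# machine other than the server: loopback traffic is not limited.
# Returns 0 only if at least one connection was rejected, i.e. the limit tripped.
probe_limit() {
  local host="$1" port="${2:-22}" count="${3:-8}" ok=0 i
  for ((i = 1; i <= count; i++)); do
    if timeout 3 bash -c "exec 3<>/dev/tcp/${host}/${port}" 2>/dev/null; then
      ok=$((ok + 1)); echo "attempt ${i}: connected"
    else
      echo "attempt ${i}: refused or timed out"
    fi
  done
  echo "${ok} of ${count} connections accepted"
  [ "$ok" -lt "$count" ]
}

case "${1:-check}" in
  apply) setup_ufw_ssh_limit "${2:-22}" ;;
  probe) probe_limit "$2" "${3:-22}" "${4:-8}" ;;
  *)     printf '%s\n' "$SAMPLE_RULES" | limit_params \
           | { read -r s h; echo "limit trips at ${h} new connections in ${s}s"; } ;;
esac
```

Run sudo bash ssh-limit.sh apply on the server, then bash ssh-limit.sh probe your.server.example from another machine: the first five connections should connect and the rest should be refused. With no argument the script parses the constructed sample; to inspect a live box, source the script and pipe sudo iptables -S ufw-user-input into limit_params.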
