How to avoid unwanted SSH login attempts?

While using a VM, you may notice that unknown IP addresses are constantly trying to log into your machine. This is normal on the Internet: plenty of bots scour servers looking for addresses that are vulnerable to attack via an open SSH service. There are several ways to reduce the risk of being attacked.

  • The easiest way to get rid of unwanted access attempts is described in our FAQ: How to restrict access to VM for chosen IP addresses? (Please note that if you want your users to be able to access VMs via SSH from anywhere, you have to keep TCP port 22 open without any limitations.)

  • Do not allow login with a password; this can limit the risk significantly. Users then access VMs with their private/public key pair, which is good practice.

  • A VPN is an even safer solution, although a little less convenient. In cyber-security, ease of use is generally inversely proportional to the level of security (the more convenient, the less secure). An OpenVPN server is to be installed on a dedicated VM. Other VMs will not allow ingress traffic to port 22 from any source other than the VPN server. Before gaining access to VMs, the user has to connect to the VPN server; over this connection, the user can access all VMs in the project, even those without public Floating IP addresses. For more information, please refer to the article: How to set up a VPN server

  • Fail2ban blocks source IP addresses after three unsuccessful login attempts. Although fail2ban is not a definitive solution, it helps to reduce the risk by temporarily blocking the attacking source IP addresses.

    You can install the fail2ban application by entering in a terminal:

For more information regarding the installation and configuration of fail2ban, please visit: https://www.fail2ban.org/wiki/index.php/HOWTOs
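
To check that the "do not allow login with password" advice above is actually in effect, the following added example (not part of the original article) audits the global section of an sshd_config file. The function names `sshd_effective` and `password_login_disabled` are hypothetical; the script reads a single file and does not follow `Include` directives, so on a live host `sshd -T` remains the authoritative view of the effective configuration.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for password-style logins.

# Print the effective global value for the keyword(s) in $2 (aliases are
# separated by "|") from file $1, or the default $3 if none is set.
# sshd uses the FIRST value it obtains for a keyword, keywords are
# case-insensitive, and a "Match" line ends the global section.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = "^(" tolower(want) ")$"; val = def }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)       # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit            # conditional blocks start here
            if (key ~ want && n >= 2) {
                val = tolower(f[2]); gsub(/"/, "", val); exit
            }
        }
        END { print val }
    ' "$1"
}

# Succeed only if both password-style methods are off globally.
# Per sshd_config(5) both default to "yes" when not set. Keyboard-interactive
# matters because it can still prompt for a password through PAM;
# ChallengeResponseAuthentication is its deprecated alias.
password_login_disabled() {
    pw=$(sshd_effective "$1" "PasswordAuthentication" yes)
    kbd=$(sshd_effective "$1" \
        "KbdInteractiveAuthentication|ChallengeResponseAuthentication" yes)
    [ "$pw" = "no" ] && [ "$kbd" = "no" ]
}

# Stand-alone use: sh audit.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    if password_login_disabled "$1"; then
        echo "OK: password logins are disabled in the global section"
    else
        echo "WARNING: password or keyboard-interactive login is still enabled"
    fi
fi
```

A later `PasswordAuthentication no` line does not override an earlier `yes`, which is why the script stops at the first occurrence.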
