How to avoid unwanted SSH login attempts?
While using a VM, you may notice unknown IP addresses constantly trying to log in to your machine.
This is normal on the Internet: plenty of bots scour servers to find addresses that are vulnerable to attack via an open SSH service. Here are several hints on how to avoid being attacked:
- The easiest way to get rid of unwanted access attempts is described in our FAQ: How to restrict access to VM for chosen IP addresses? (Please note that if you want your users to be able to access VMs via SSH from anywhere, you have to keep TCP port 22 open without any limitations.)
- Do not allow login with a password; this can limit the risk significantly. Users then access VMs with their private/public key pair, which is good practice.
- A VPN is an even safer solution, although a little less convenient. In cyber-security, ease of use is generally inversely proportional to the level of security (the more convenient, the less secure). An OpenVPN server is installed on a dedicated VM. The other VMs do not allow ingress traffic to port 22 from anywhere other than the VPN server. Before gaining access to the VMs, a user has to connect to the VPN server; over this connection the user can access all VMs in the project, even those without public Floating IP addresses.
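For the hint about disabling password login, the following added example (not part of the original FAQ) checks the effective OpenSSH server settings as printed by `sshd -T`. The function names and the sample input are made up for illustration; it also flags keyboard-interactive authentication, which can still prompt for a password through PAM.

```sh
# Check that sshd really refuses password-based logins.
# Input: `sshd -T` output, i.e. lowercase "keyword value" lines.

# Print the value of keyword $1 from `sshd -T`-style text on stdin.
sshd_value() {
    awk -v key="$1" 'tolower($1) == key { print tolower($2); exit }'
}

# Reads the effective config on stdin, prints one finding per line and
# returns 0 only when key-only login is enforced.
audit_password_login() {
    cfg=$(cat)
    rc=0
    # "password" asks for a password directly; keyboard-interactive can ask
    # for one through PAM. Older OpenSSH releases report the latter as
    # challengeresponseauthentication, so all three names are checked.
    for key in passwordauthentication kbdinteractiveauthentication \
               challengeresponseauthentication; do
        val=$(printf '%s\n' "$cfg" | sshd_value "$key")
        if [ -n "$val" ] && [ "$val" != "no" ]; then
            echo "FAIL: $key is $val"
            rc=1
        fi
    done
    # A dump without passwordauthentication is not trusted: sshd's default is yes.
    if [ -z "$(printf '%s\n' "$cfg" | sshd_value passwordauthentication)" ]; then
        echo "FAIL: passwordauthentication not found in input"
        rc=1
    fi
    # Disabling passwords while keys are also off would lock everyone out.
    if [ "$(printf '%s\n' "$cfg" | sshd_value pubkeyauthentication)" != "yes" ]; then
        echo "FAIL: pubkeyauthentication is not yes"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: only key-based login is enabled"; fi
    return "$rc"
}

# Constructed sample resembling `sshd -T` output with password login still on.
SAMPLE_DEFAULT='port 22
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes'
printf '%s\n' "$SAMPLE_DEFAULT" | audit_password_login || true
```

On a real VM, run it as `sshd -T | audit_password_login` with root privileges, after setting `PasswordAuthentication no` in the sshd configuration and reloading the service.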
Fail2ban temporarily blocks a source IP address after three unsuccessful login attempts. Although fail2ban is not a definitive solution, it helps reduce the risk.
You can install fail2ban by entering the following in a terminal:
apt-get install fail2ban
For more information regarding installation and configuration of fail2ban, please visit the Fail2ban HOWTO Knowledgebase.