How to deal with SSH brute-force attacks

Anyone who has an SSH server running on the default port (22) knows that every day, hundreds or sometimes thousands of break-in attempts are written to the logs. Some are from fully automated bots, others from possible human attackers scanning one target at a time.

How is this done? It's pretty simple. It's just a program that tries the user root, or a dictionary of possible usernames, and a dictionary of possible passwords. If your password is in that dictionary, it's game over for you.

There are many ways to protect against this, like blacklisting an IP address after a defined number of attempts. But you can always try to have some fun with it. This article is kind of old, but it's worth taking a look.

By changing the source code of the OpenSSH server and adding a sleep(10) instruction to the authentication code, you can drive anyone trying to break into your box to despair.

Check it here.
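
The blacklisting approach mentioned above (block an IP address after a defined number of attempts) comes down to counting failed logins per source address in the sshd log. The following is an added example, not code from the original post or the linked article; it assumes the usual OpenSSH syslog "Failed password" line format, the sample log lines are constructed, and the function names are hypothetical. It only reports candidates; the actual block is left to your firewall.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges), assumed OpenSSH syslog format.
SAMPLE_LOG = """\
Mar 10 03:12:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 03:12:03 host sshd[1201]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar 10 03:12:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar 10 03:12:09 host sshd[1207]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Mar 10 03:13:30 host sshd[1210]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Mar 10 03:14:02 host sshd[1215]: Failed password for alice from 192.0.2.10 port 50030 ssh2
Mar 10 03:14:11 host sshd[1219]: Failed password for invalid user oracle from 203.0.113.7 port 40155 ssh2
"""

# The username is supplied by the client, so the source address is taken from
# the fixed fields at the END of the line (greedy user group + '$' anchor).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_attempts(log_text):
    """Return (failures per IP, usernames tried per IP)."""
    counts, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m["ip"]] += 1
            users.setdefault(m["ip"], set()).add(m["user"])
    return counts, users

def ips_to_block(log_text, max_attempts=3, allowlist=()):
    """IPs with at least max_attempts failures, minus addresses never to block."""
    counts, _ = failed_attempts(log_text)
    return sorted(
        ip for ip, n in counts.items()
        if n >= max_attempts and ip not in allowlist
    )

if __name__ == "__main__":
    counts, users = failed_attempts(SAMPLE_LOG)
    for ip in ips_to_block(SAMPLE_LOG):
        print(f"{ip}: {counts[ip]} failures, users tried: {sorted(users[ip])}")
```

Keep your own management addresses in the allowlist so a few mistyped passwords do not lock you out of the box.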