SSH Access Limited by IP / SSH Brute Force

You can limit SSH access by allowing a few IPs and denying all others. This is done by adding the following records to the /etc/hosts.allow file.

With this configuration, you allow localhost, the server's home network and one specific IP. If any other IP tries to connect to this host over SSH, it will get "Connection refused". If you look at /var/log/secure (Ubuntu), you will see the failed connection attempts.

Alternatively, you can add the last line to /etc/hosts.deny; the effect is the same.

Change SSH default port

It is recommended to change the default SSH port. By default, SSH listens on port 22. To change it, edit /etc/ssh/sshd_config, uncomment the Port line and set it to:

or any other port. An attacker would then have to scan all ports to find SSH.

When the configuration is done, restart the sshd service with:

SSH Brute Force with Ncrack

First of all, you need a tool and a list of passwords (and a list of users, but here we will only search for the root password). We will use ncrack (preinstalled on Kali Linux) as the cracker and a downloaded password list.

Download the password list (or generate one yourself):

To check whether SSH is listening on port 22, scan it with nmap <ip> -p22

If the host is up and listening on 22, you can try the brute force with ncrack:

ncrack -p 22 --user root -P '/opt/500-worst-passwords.txt' <ip>
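From the defender's side, the attack above leaves a trail of "Failed password" lines in the sshd log, and the TCP wrapper rules leave "refused connect" lines. The following script is an added example, not part of the original post: it parses such log lines, counts failures per source IP and flags sources above a threshold. The log lines are constructed samples and the threshold is an assumed value.

```python
import re
from collections import Counter

# Constructed sample of sshd log lines in syslog format (as found in
# /var/log/secure or /var/log/auth.log); not captured from a real host.
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[2011]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:13 host sshd[2011]: Failed password for root from 203.0.113.7 port 51235 ssh2
Mar  3 10:01:14 host sshd[2013]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:01:15 host sshd[2015]: Failed password for root from 203.0.113.7 port 51237 ssh2
Mar  3 10:02:01 host sshd[2020]: Accepted publickey for alice from 192.168.1.10 port 40001 ssh2
Mar  3 10:02:30 host sshd[2021]: Failed password for alice from 192.168.1.10 port 40002 ssh2
Mar  3 10:03:00 host sshd[2022]: refused connect from 198.51.100.9 (198.51.100.9)
"""

# "invalid user" appears when the account does not exist on the host.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
# Logged by sshd (libwrap) when hosts.allow/hosts.deny rejects a client.
REFUSED_RE = re.compile(r"refused connect from (?P<ip>[\d.]+)")


def count_failed_logins(log_text):
    """Return {source_ip: number of failed password attempts}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return dict(counts)


def targeted_users(log_text):
    """Return {username: number of failed password attempts against it}."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("user")] += 1
    return dict(counts)


def count_refused(log_text):
    """Return {source_ip: number of TCP-wrapper refusals}."""
    counts = Counter(m.group("ip") for m in REFUSED_RE.finditer(log_text))
    return dict(counts)


def brute_force_sources(log_text, threshold=3):
    """Sorted list of IPs with at least `threshold` failed attempts (threshold is an assumed value)."""
    return sorted(ip for ip, n in count_failed_logins(log_text).items() if n >= threshold)
```

A single failed login from the home network is not flagged, while the source hammering root and a non-existent user is.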
