To prevent this type of attack, build a list of the IPs that have tried to break into the system and deny those IPs using the denyhosts daemon (program).

# apt-get install denyhosts

/etc/denyhosts.conf

DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10

In this example, a host is blacklisted after five failed login attempts for invalid (non-existent) usernames, or after ten failed login attempts for valid usernames.

After repeated failed attempts, denyhosts places the offending IP in the /etc/hosts.deny file.
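The threshold logic described above, as an added example that is not part of the original page and is not DenyHosts's own code: it counts failed sshd logins per source IP in constructed log lines and lists the hosts that would be denied. The function names and sample log are assumptions, and a host is treated as blocked once it reaches a threshold, as the text describes.

```python
import re
from collections import Counter

# Thresholds copied from the /etc/denyhosts.conf excerpt above.
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10

# sshd logs failures as "Failed password for [invalid user ]NAME from IP port N ssh2".
FAILED = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def _line(msg, i):
    return f"Jan 10 03:12:{i:02d} host sshd[{2000 + i}]: {msg}"

# Constructed sample log (documentation-range IPs), not taken from a real system.
SAMPLE_LOG = (
    [_line("Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2", i) for i in range(5)]
    + [_line("Failed password for alice from 198.51.100.23 port 51514 ssh2", i) for i in range(4)]
    + [_line("Failed password for bob from 192.0.2.55 port 40100 ssh2", i) for i in range(10)]
    + [_line("Accepted password for alice from 192.0.2.10 port 50022 ssh2", 30)]
)

def hosts_to_deny(log_lines):
    """Return the sorted source IPs whose failure counts reach a threshold."""
    invalid, valid = Counter(), Counter()
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated messages are ignored
        # Failures for non-existent accounts are counted separately.
        (invalid if m.group("invalid") else valid)[m.group("ip")] += 1
    # Assumption: reaching the threshold triggers the block, as the text states.
    denied = {ip for ip, n in invalid.items() if n >= DENY_THRESHOLD_INVALID}
    denied |= {ip for ip, n in valid.items() if n >= DENY_THRESHOLD_VALID}
    return sorted(denied)

def hosts_deny_entries(ips):
    """Format entries in the hosts.deny 'daemon: client' syntax."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_deny(SAMPLE_LOG))))
```

The host with only four failures against a valid account stays off the list, which shows why the valid-user threshold is kept higher: legitimate users who mistype a password are not locked out as quickly.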


Also, to prevent brute-force attacks, we can use iptables:


# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP

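The above commands record each new connection to port 22 per source IP and drop new connections from a source that reaches the hit count of 4 within 60 seconds. Note that they count connection attempts from that source, not only unsuccessful logins.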
