Fighting dictionary attacks with Sshutout and Fail2ban

Closing the Book

© Andriy Solovyov, Fotolia

© Andriy Solovyov, Fotolia

Article from Issue 91/2008
Author(s):

Services that require a username and password for login are potential targets for dictionary attacks. Sshutout and Fail2ban introduce time penalties for invalid attempts.

Sshutout [1] is a daemon written in C that checks a logfile for invalid SSH logins at frequent intervals. If Sshutout discovers a pattern of failed login attempts by a client, it blocks the client according to iptables rules. After a configurable delay, the penalty is automatically revoked.

Activating the Ban

All it takes to install the 32KB tarball is the usual make; make install.

The daemon is located in /usr/local/sbin after the install, and its configuration file is /etc/sshutout.conf.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
SUBSCRIPTIONS
Print Subscriptions
Digital Subscriptions

Related content

  • SSH Security

    SSH brute-force attacks are still a major threat to Linux servers in 2025. Learn how to block them with key-only logins, Fail2ban, iptables, knockd, and more.

    more »
  • Fail2ban

    Fail2ban is a quick to deploy, easy to set up, and free to use intrusion prevention service that protects your systems from brute force and dictionary attacks.

    more »
  • Charly's Column

    Users log on to services such as SSH, ftp, SASL, POP3, IMAP, Apache htaccess, and many more using their names and passwords. These popular access mechanisms are a potential target for brute-force attacks. An attentive bouncer will keep dictionary attacks at bay.

    more »
  • Expert Security Intro

    Internet intruders have many ingenious ways of escalating privileges and hiding their presence once they get inside your system. The best protection is to keep them out in the cold.

    more »
  • System Hardening

    A good reputation does not protect your Linux systems from attack. We'll show you some tips for detecting and warding off intruders.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Mobile Programming Security Software Ubuntu Web Development Windows free software open source