How an intruder attacks SSH

Brute Force

© Lead Image © imaginariumphoto,

© Lead Image © imaginariumphoto,

Article from Issue 282/2024

Sometimes the only way to break into an SSH server is through brute force – and yes, there are tools for that.

One particular Linux service needs no introduction: Secure Shell (SSH) is synonymous with logging into remote Linux devices of all varieties. You can use SSH to log into a Raspberry Pi, a mail server, a web server, or even embedded Linux devices such as those running Internet of Things (IoT) applications.

SSH emerged in the 1990s, when it became clear that the unencrypted Telnet was not suitable for communication on the open Internet. SSH version 1 was popular for years, but experts eventually began to warn that it had its own security problems. SSH version 2 was a major rewrite, due to the numerous issues that plagued version 1, including vulnerability to man-in-the-middle attacks. In the Linux world, the SSH software of choice for both client and server is called OpenSSH [1].

This article looks at some of the approaches attackers and ethical hackers use to compromise SSH servers. I will also look at how to prevent a common type of attack against SSH servers. It should go without saying: Only use the tools discussed in this article on servers that you own or explicitly have permission to test against. A number of these approaches could cause downtime or ultimately lock you out of the target SSH instance.


Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Secure Online Passwords

    Securely storing passwords online can be a complex task. With a few tools, websites can offer better security, but users still need to choose their passwords wisely.

  • Charly's Column

    Users log on to services such as SSH, ftp, SASL, POP3, IMAP, Apache htaccess, and many more using their names and passwords. These popular access mechanisms are a potential target for brute-force attacks. An attentive bouncer will keep dictionary attacks at bay.

  • Multifactor Authentication with SSH

    The Google Authenticator PAM module allows you to use time-based Google Authenticator passwords with various Linux services, including SSH.

  • Securing Your SSH Server

    An SSH server facing the Internet will almost certainly be under attack, but a few proactive steps will help to keep the intruders away.

  • Sshutout and Fail2ban

    Services that require a username and password for login are potential targets for dictionary attacks. Sshutout and Fail2ban introduce time penalties for invalid attempts.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More