Mitigating SSH brute-force threats on Linux systems

Locking the Gate

© Photo by Zoshua Colah on Unsplash

© Photo by Zoshua Colah on Unsplash

Article from Issue 302/2026
Author(s):

SSH brute-force attacks are still a major threat to Linux servers in 2025. Learn how to block them with key-only logins, Fail2ban, iptables, knockd, and more.

Brute-force attacks on Secure Shell (SSH) have existed for over a decade, yet they remain one of the most common and dangerous attack vectors on Linux systems today. In 2025, attackers are not guessing passwords manually; they are using automated botnets that scan and break into thousands of servers at a time with industrial speed.

One example is the recently discovered PumaBot, a botnet written in Go and designed specifically to infect Linux-based devices, including cloud virtual machines (VMs), personal servers, and even embedded systems. PumaBot uses SSH brute-force techniques to compromise devices and then links them together in a wider network, giving attackers access to computing power, storage, and Internet bandwidth for malicious purposes.

The botnet targets devices with open SSH ports and either weak or default credentials. Once a device is compromised, it can be used to launch further attacks, mine cryptocurrency, exfiltrate data, or deliver malware. With many people still using password-based logins for SSH, PumaBot and similar tools continue to succeed.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly's Column

    Users log on to services such as SSH, ftp, SASL, POP3, IMAP, Apache htaccess, and many more using their names and passwords. These popular access mechanisms are a potential target for brute-force attacks. An attentive bouncer will keep dictionary attacks at bay.

    more »
  • Fail2ban

    Fail2ban is a quick to deploy, easy to set up, and free to use intrusion prevention service that protects your systems from brute force and dictionary attacks.

    more »
  • UFW Firewall

    UFW takes the complexity out of iptables, which is great for beginners and is even good for experienced users who want to keep it simple and avoid hidden mistakes.

    more »
  • Sshutout and Fail2ban

    Services that require a username and password for login are potential targets for dictionary attacks. Sshutout and Fail2ban introduce time penalties for invalid attempts.

    more »
  • Security Lessons: Password Storage

    High-performance graphics cards and proper storage can help keep your passwords secure.

    more »
comments powered by Disqus