Client Area
Votion Edge Simulation Node
SecurityGuides

How to Prevent Brute-Force SSH Attacks on Your VPS Node

V
VOTION CORE CONTRIBUTOR
SYSTEM WRITER
6 min read

Hardening Linux Systems Against Remote Exploits

Publicly accessible cloud instances face automated brute-force attacks and port scans within minutes of deployment. To protect your server from these threats, it is critical to go beyond basic password configurations and implement a default-deny security model. This approach involves replacing traditional password logins with asymmetric key pairs (like ED25519) and using firewalls to block unauthorized access.

By using Fail2ban along with native Linux firewalls (like UFW or nftables), you can dynamically detect brute-force attempts and temporarily ban the source IP addresses. Hardening the underlying server runtime configuration, such as setting custom restrictions on system boundaries and locking down SSH settings, forms a robust defense layer that protects your applications and user data.

Establishing these parameters helps you mitigate intrusion threats without introducing routing latency or connection drops for authorized clients accessing server ports.

# /etc/fail2ban/jail.local
# Automated rate-limiting brute-force shield settings
[sshd]
enabled = true
port = 22
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 86400
findtime = 600
ignoreip = 127.0.0.1/8 192.168.1.0/24

Essential CLI Setup Steps

To implement this setup on your cloud instances, execute the following commands in sequence inside your system console:

# Step 1: Install standard firewall and threat scanning packages
sudo apt-get update && sudo apt-get install -y ufw fail2ban

# Step 2: Authorize base SSH port connections through UFW
sudo ufw allow 22/tcp
sudo ufw limit 22/tcp

# Step 3: Enable the firewall interface with the default-deny ruleset
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw --force enable

# Step 4: Run Fail2ban to actively monitor and jail malicious IPs
sudo systemctl restart fail2ban
sudo systemctl enable fail2ban

Configuring Fail2ban and System Access Guards

The Fail2ban configuration establishes a monitor over /var/log/auth.log, tracing failed authentication requests. If an external IP registers more than 5 failed authentication attempts (maxretry = 5) within a 10-minute window (findtime = 600), Fail2ban injects dynamic firewall rules to block the source host for 24 hours (bantime = 86400). This setup helps block automated dictionary and brute-force attacks.

By enforcing a default-deny policy (ufw default deny incoming), you block access to all unmapped TCP/UDP ports, minimizing the server's attack surface.

CLI_BUILDER // VPS_DEPLOYMENT_COMPILER
READY_TO_DEPLOY
// Select Instance Parameters:
Instance Name:
Anycast Region:
vCPU Allocation:
RAM Memory:
NVMe Storage:
Operating System:
// Command Output Console:
[GENERATED_CMD]
votion deploy core-node-01 --cpu 8 --ram 16 --storage 250 --region fra-1 --os ubuntu-24
// CLI STATE VALIDATION:
Config check OK. Ready to pipe.

Operational Guidelines

Before launching in production, verify your hardware meets the benchmark metrics outlined in the table below:

Security Enforcement Verification Checklist

Check ID Security Control Verification Command
01 Firewall Active Ruleset sudo ufw status verbose
02 Fail2ban active jails list sudo fail2ban-client status sshd
03 Passwordless Login Check cat /etc/ssh/sshd_config | grep PasswordAuthentication