Search
Close this search box.

How to install SSHGuard on Ubuntu 20.04 LTS

Table of Contents

Try VPSie
 40% OFF Free A Month Fastest Amazing Super
Cloud Service

How to install SSHGuard on an Ubuntu 20.04 LTS

 

As a monitoring tool, SSHGuard is very beneficial for preventing brute force attacks. In addition to reading log messages, SSHGuard determines malicious activity based on the log message content. As soon as an attack is detected, the firewall blocks the IP address immediately.

 

Additionally, SHSGuard is able to protect a wide range of services out of the box. Here is a list of all the services that you can protect with SSHGuard: SSH, Sendmai, dovecot, UWimap (imap, pop), Cucipop, Exim, and so on.

 

Throughout this article, we will explain how to install SSHGuard on Ubuntu and protect the server from brute-force attacks.

 

So let’s start,

 

 

 

Step 1: Getting your system up and running

 

  1. Sign in to your system or register a newly created one by logging in to your VPSie account
  2. Connect by SSH using the credentials we emailed you.
  3. Once you have logged into your Ubuntu instance, run these commands to update your system.
apt-get update && apt-get upgrade -y

 

 

Step 2: Install SSHGuard

 

The installation can be done by running the command,

 

apt-get install sshguard

 

Afterward, edit the /etc/sshguard/sshguard.conf file and set backend to the following,

 

BACKEND="/usr/lib/x86_64-linux-gnu/sshg-fw-nft-sets"

 

Locate nft-sets will help you find the exact location of the script.

 

After enabling sshguard auto-start, you should restart the service 

 

# systemctl enable sshguard
# systemctl restart sshguard

 

Check the status,

 

systemctl status sshguard

 

OUTPUT

 

# systemctl status sshguard
● sshguard.service - SSHGuard
     Loaded: loaded (/lib/systemd/system/sshguard.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-11-27 15:52:36 UTC; 1h 10min ago
       Docs: man:sshguard(8)
    Process: 2571 ExecStartPre=/usr/sbin/iptables -N sshguard (code=exited, status=0/SUCCESS)
    Process: 2582 ExecStartPre=/usr/sbin/ip6tables -N sshguard (code=exited, status=0/SUCCESS)
   Main PID: 2583 (sshguard)
      Tasks: 8 (limit: 988)
     Memory: 4.0M
     CGroup: /system.slice/sshguard.service
             ├─2583 /bin/sh /usr/sbin/sshguard
             ├─2584 /bin/sh /usr/sbin/sshguard
             ├─2585 /usr/lib/x86_64-linux-gnu/sshg-parser
             ├─2586 /usr/lib/x86_64-linux-gnu/sshg-blocker -a 30 -p 120 -s 1800 -w /etc/sshguard/whitelist
             ├─2587 /bin/sh /usr/sbin/sshguard
             ├─2588 /bin/journalctl -afb -p info -n1 -o cat SYSLOG_FACILITY=4 SYSLOG_FACILITY=10
             └─2589 /bin/sh /usr/lib/x86_64-linux-gnu/sshg-fw-iptables

 

The installation of a brute force blocker is extremely important if you allow ssh logins with passwords. Almost every server with an exposed ssh port is being attacked by bots. My server was soon blocked from being attacked by 3 IP addresses in a matter of seconds using sshguard.

 

Take a look at this,

 

Nov 27 16:58:25 LAX-a6d2-Ubuntu sshguard[2586]: Attack from "134.122.49.13" on service 110 with danger 10.
Nov 27 16:58:25 LAX-a6d2-Ubuntu sshguard[2586]: Blocking "134.122.49.13/32" for 480 secs (3 attacks in 1 secs, after 3 abuses over 434 secs.)
Nov 27 17:02:30 LAX-a6d2-Ubuntu sshguard[2586]: Attack from "221.131.165.65" on service 100 with danger 10.
Nov 27 17:02:30 LAX-a6d2-Ubuntu sshguard[2586]: Attack from "221.131.165.65" on service 110 with danger 10.
Nov 27 17:02:31 LAX-a6d2-Ubuntu sshguard[2586]: Attack from "221.131.165.65" on service 110 with danger 10.
Nov 27 17:02:31 LAX-a6d2-Ubuntu sshguard[2586]: Blocking "221.131.165.65/32" for 120 secs (3 attacks in 1 secs, after 1 abuses over 1 secs.)
Nov 27 17:06:10 LAX-a6d2-Ubuntu sshguard[2586]: Attack from "222.186.42.13" on service 100 with danger 10.
Nov 27 17:06:11 LAX-a6d2-Ubuntu sshguard[2586]: Attack from "222.186.42.13" on service 110 with danger 10.
Nov 27 17:06:11 LAX-a6d2-Ubuntu sshguard[2586]: Attack from "222.186.42.13" on service 110 with danger 10.
Nov 27 17:06:11 LAX-a6d2-Ubuntu sshguard[2586]: Blocking "222.186.42.13/32" for 120 secs (3 attacks in 1 secs, after 1 abuses over 1 secs.)

 

I think that’s all. For more information about configuring SSHGuard to meet your needs, visit its official documentation.  

 

Stay safe with SSHGuard, thanks for reading! I hope it was informative for you! 

 

server-login-putty

SSHGuard is a security program that monitors login attempts and blocks IP addresses that exhibit malicious behavior.

SSHGuard monitors log files for login attempts and determines whether they are legitimate. If it detects repeated failed attempts, it blocks the IP address associated with the attempts.

You can install SSHGuard on Ubuntu by using the following command: sudo apt-get install sshguard

Yes, SSHGuard can be configured to monitor other protocols such as FTP, SMTP, and HTTP.

Yes, SSHGuard can be used with other Linux distributions and operating systems such as FreeBSD, OpenBSD, and macOS.

You can check if SSHGuard is running by using the next command: sudo systemctl status sshguard

You can check if SSHGuard has blocked any IP addresses by using the following command: sudo iptables -L -n | grep sshguard

Make a Comment
Share on
Facebook
Twitter
LinkedIn
Print

Try VPSie
Fastest Cloud Server Solution For Free

Category

Tags

Recent

Older Posts

Read More Posts

COMPANY

PRODUCTS

SERVICES

INDUSTRIES

HELP

LEGAL

COMMUNITY

CONTACT US

© 2022 VPSie, Inc. All rights reserved.

Facebook Twitter Linkedin Pinterest Youtube
VPSie Cloud service

Fast and Secure Cloud VPS Service

Try FREE
For a month

The First 1 orders gets free discount today! Try Sign up on VPSie to get a chance to get the discount.

GET THE OFFER NOW