There were 445 failed login attempts since the last successful login.

September 21, 2015 2.5k views
Linux Basics VPN

I just create a new droplet a few minutes ago, I installed nginx and setup SSH keys to conect through PuTTY, and for my surprise when I login in my SSH Console, in the message I get:

"There were 445 failed login attempts since the last successful login."

It is very strange to me, I create my droplet a few minute ago, It will be any hacker with bruteforce trying a invasion??

2 Answers

Sounds like you should take care of a few things. If you are using SSH keys, remove password login. Then install Fail2ban.

in /etc/ssh/sshd_config change the following lines so they match this:
ChallengeResponseAuthentication no
PasswordAuthentication no

Then follow the steps in the "Configuring a Basic Firewall" section here -

Then install Fail2ban -

This is all assuming you are using Ubuntu 14.04

by Justin Ellingwood
Fail2ban is a daemon that can be run on your server to dynamically block clients that fail to authenticate correctly with your services repeatedly. This can help mitigate the affect of brute force attacks and illegitimate users of your services. In this guide, we'll show demonstrate how to install and configure fail2ban to protect SSH and Nginx on an Ubuntu 14.04 server.
  • Thanks for tips! I am using Linux CentoS 7, Ubuntu is better distro for Linux?

    • Neither is inherently "better" than the other. We tend to have the widest variety of tutorials for Ubuntu but CentOS (a RHEL clone) is also a rock solid OS with a great community.

Yes, bruteforcing SSH is very common. Disable password authentication and use public keys.

Have another answer? Share your knowledge.