Question

There were 445 failed login attempts since the last successful login.

Posted September 21, 2015 8.1k views
Linux Basics VPN

I just create a new droplet a few minutes ago, I installed nginx and setup SSH keys to conect through PuTTY, and for my surprise when I login in my SSH Console, in the message I get:

“There were 445 failed login attempts since the last successful login.”

It is very strange to me, I create my droplet a few minute ago, It will be any hacker with bruteforce trying a invasion??

Add a comment
nayzash
By:
nayzash
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

2 answers
prudentmav September 21, 2015

Sounds like you should take care of a few things. If you are using SSH keys, remove password login. Then install Fail2ban.

in /etc/ssh/sshd_config change the following lines so they match this:
ChallengeResponseAuthentication no
PasswordAuthentication no

Then follow the steps in the “Configuring a Basic Firewall” section here - https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-servers

Then install Fail2ban - https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

This is all assuming you are using Ubuntu 14.04

How To Protect SSH with Fail2Ban on Ubuntu 14.04
by Justin Ellingwood
Fail2ban is a daemon that can be run on your server to dynamically block clients that fail to authenticate correctly with your services repeatedly. This can help mitigate the affect of brute force attacks and illegitimate users of your services. In this guide, we'll show demonstrate how to install and configure fail2ban to protect SSH and Nginx on an Ubuntu 14.04 server.
Reply Report
Woet September 21, 2015

Yes, bruteforcing SSH is very common. Disable password authentication and use public keys.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help