Restrict Server Access via SSH Client
This article is related to Server Got Hacked, Crontab Has Been Modified.
Limit IP Address
To limit ip address of incoming connections to server via ssh, it can be done by:
-
Edit file
/etc/hosts.allow
. -
Then add the following script.
sshd : ip_attacker : deny
- Save and exit.
Limit Users or Groups
To limit users or groups of incoming connections to server via ssh, it can be done by:
-
Edit file
/etc/ssh/sshd_config
. -
Then add the following script.
To limit users:
DenyUsers user_Attacker
To limit groups:
DenyGroups groupUsers
- Save and exit. And restart service sshd.
$ sudo systemctl restart sshd
Because the ip that has brute force to the server every minute does not change, so I need to limit the attacker’s ip connection.