I have any VPS which is hosted on Burst.net.

The openssh server running on it. When I checked the error log. I saw a lot of log in errors as below.

It is clear that the hacker want to connect this VPS through SSH as root. They tried different password, different port. All were blocked by PAM system.

sshd-error-login-try

To save the cost of these connection and PAM. I choose the way to block them per IP address.

It is TCP Wrappers,
I config it as below. Block all IPs to SSH, except my own IP address.
Allow access to sshd service only via /etc/hosts.allow:

sshd : 192.168.1.2

2
Deny everything via /etc/hosts.deny:

sshd : ALL

Then, after one day, I check the error log.
sshd-refused

That is how to block SSH connection per IP address. Also one of the best practice to protect SSH service.

David Yin

David is a blogger, geek, and web developer — founder of FreeInOutBoard.com. If you like his post, you can say thank you here

Leave a Reply

Your email address will not be published. Required fields are marked *