Shell script access control: block an IP after multiple failed logins to prevent SSH brute-force cracking

When a host that is managing the server remotely over SSH enters the wrong password 3 times within 10 minutes, firewalld is used to respond and prohibit this IP from connecting again. The connection is allowed again after 6 hours.

1. System: CentOS 7.1 64-bit

2. Method: Read /var/log/secure and search for the keyword Failed

```
Jan 4 16:29:01 centos7 sshd[1718]: Failed password for root from 192.168.120.1 port 2171 ssh2
Jan 4 16:29:02 centos7 sshd[1718]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jan 4 16:29:04 centos7 sshd[1718]: Failed password for root from 192.168.120.1 port 2171 ssh2
Jan 4 16:29:06 centos7 sshd[1718]: error: Received disconnect from 192.168.120.1 port 2171:0: [preauth]
Jan 4 16:45:53 centos7 sshd[1758]: Failed password for root from 192.168.120.134 port 40026 ssh2
```

3. Shell code, create test.sh

```bash
#!/bin/bash
# Intercept illegal IP addresses
# Current month, day and time, plus the time 10 minutes ago, in the log's format
month=$(LANG=C date +"%b")
day=$(LANG=C date +"%e")
now=$(LANG=C date +"%T")
ten=$(LANG=C date -d "10 minutes ago" +"%T")
# Count the "Failed" lines of the last 10 minutes per source IP
awk -v month="$month" -v day="$day" -v ten="$ten" -v now="$now" \
    '$1 == month && $2 + 0 == day + 0 && $3 >= ten && $3 <= now' /var/log/secure |
    grep 'Failed' | awk -F'from' '{ print $2 }' | awk '{ print $1 }' |
    sort | uniq -c > baduser.txt
# Ban each IP address that has 3 or more failures (lines are "count ip")
while read -r count ip
do
    if [ "$count" -ge 3 ]
    then
        firewall-cmd --add-rich-rule="rule family=ipv4 source address=$ip port port=22 protocol=tcp reject" --timeout=6h
    fi
done < baduser.txt
```

4. Put the test.sh script into a cron scheduled task and execute it every 60 minutes.

```
# crontab -e
*/60 * * * * sh /root/test.sh
```

Each run only inspects the 10 minutes of log entries before it starts.

5. Testing

1. Open a terminal window, connect to the server with ssh, and connect to the server several times with the wrong password.
The IP has been added to the server's baduser.txt file and can no longer connect to the server; its connection is rejected.
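A stricter version of the counting step in test.sh, as an added example that is not part of the original article: it goes beyond the script by reading the address from the fixed trailing fields of the log line, accepting a window that spans midnight, and ignoring values that are not IPv4 addresses. The names failed_ips, window_start and window_end are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the article's script. failed_ips, window_start and
# window_end are names chosen for this illustration.
#
# usage: failed_ips "Mon D HH:MM:SS" "Mon D HH:MM:SS" THRESHOLD < /var/log/secure
# Prints each IPv4 source with at least THRESHOLD failed passwords in the window.
failed_ips() {
    awk -v start="$1" -v end="$2" -v min="$3" '
    BEGIN {
        split(start, s, " "); split(end, e, " ")  # [1]=month [2]=day [3]=time
        same_day = (s[1] == e[1] && s[2] + 0 == e[2] + 0)
    }
    # Only sshd "Failed password ... from IP port N ssh2" lines. The user name
    # is client-supplied text, so the address is taken from the fixed trailing
    # fields instead of splitting on the first "from".
    $5 ~ /^sshd\[/ && $6 == "Failed" && $7 == "password" &&
    $(NF-4) == "from" && $(NF-2) == "port" {
        on_start = ($1 == s[1] && $2 + 0 == s[2] + 0)
        on_end   = ($1 == e[1] && $2 + 0 == e[2] + 0)
        # A window that crosses midnight has different start and end days.
        if (same_day) hit = on_start && $3 >= s[3] && $3 <= e[3]
        else          hit = (on_start && $3 >= s[3]) || (on_end && $3 <= e[3])
        ip = $(NF-3)
        if (hit && ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[ip]++
    }
    END { for (ip in count) if (count[ip] >= min) print ip }' | sort
}

# Bounds of the last 10 minutes in the log timestamp format
# (GNU date, as on CentOS 7).
window_start() { LANG=C date -d "10 minutes ago" +"%b %e %T"; }
window_end()   { LANG=C date +"%b %e %T"; }

# Typical call; each printed address would then go into the firewall-cmd
# rich rule from test.sh:
#   failed_ips "$(window_start)" "$(window_end)" 3 < /var/log/secure
```
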