How to Automatically Lock Out SSH Brute-Force Attacks on Ubuntu and Red Hat

2 min read · Jun 3, 2025

Intro:

If your Linux server is exposed to the internet, it’s being scanned. SSH brute-force attempts are among the most common attacks: attackers try thousands of usernames and passwords in seconds. You might not see it… until it works.

In this blog, I’ll show you how to detect, throttle, and block brute-force SSH attacks using real-time tools built into Ubuntu and Red Hat-based systems.

1. Check If You’re Already Under Attack

Use this command to see recent failed SSH logins:

# Ubuntu
sudo grep "Failed password" /var/log/auth.log
# Red Hat
sudo grep "Failed password" /var/log/secure

Look for:

  • Multiple failures from the same IP
  • Login attempts to non-existent users
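
The two checks above can be automated. The script below is an added example, not part of the original article: it counts failures per source IP and how many of them targeted non-existent users. The function names, the default threshold of 3 and the sample log lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise sshd "Failed password" lines per source IP.

# write_sample_log FILE: constructed sample lines (documentation IP ranges).
write_sample_log() {
    cat > "$1" <<'EOF'
Jun  3 10:01:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jun  3 10:01:02 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Jun  3 10:01:03 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.5 port 40114 ssh2
Jun  3 10:01:04 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.5 port 40115 ssh2
Jun  3 10:02:10 web1 sshd[2110]: Failed password for deploy from 198.51.100.7 port 51822 ssh2
Jun  3 10:02:30 web1 sshd[2111]: Accepted password for deploy from 198.51.100.7 port 51823 ssh2
Jun  3 10:03:00 web1 sshd[2120]: Failed password for invalid user a from b from 192.0.2.44 port 33000 ssh2
Jun  3 10:03:01 web1 sshd[2121]: Failed password for invalid user x from 192.0.2.44 port 33001 ssh2
Jun  3 10:03:02 web1 sshd[2122]: Failed password for root from 192.0.2.44 port 33002 ssh2
EOF
}

# summarize_failures LOGFILE [THRESHOLD]
# Prints "ip failures invalid_user_failures" for every IP with at least
# THRESHOLD failures (default 3), busiest first.
summarize_failures() {
    awk -v min="${2:-3}" '
        /sshd/ && /Failed password for/ {
            # The remote side chooses the username, so it may contain " from ".
            # Scan backwards: the last "from" is the one sshd wrote before the IP.
            for (i = NF; i > 1; i--) if ($(i-1) == "from") break
            if (i <= 1) next
            ip = $i
            total[ip]++
            if ($0 ~ /Failed password for invalid user /) invalid[ip]++
        }
        END {
            for (ip in total)
                if (total[ip] >= min)
                    printf "%s %d %d\n", ip, total[ip], invalid[ip] + 0
        }' "$1" | sort -k2,2nr -k1,1
}

# Demo on the constructed sample. On a real host, run as root and pass
# /var/log/auth.log (Ubuntu) or /var/log/secure (Red Hat) instead.
sample=$(mktemp)
write_sample_log "$sample"
summarize_failures "$sample" 3
rm -f "$sample"
```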

2. Enable Rate Limiting with Fail2Ban

Install Fail2Ban:

# Ubuntu
sudo apt install fail2ban
# Red Hat
sudo yum install epel-release
sudo yum install fail2ban

Enable SSH protection:

Edit the jail config:

sudo nano…

Faruk Ahmed
Written by Faruk Ahmed

With 10+ years as an InfoSec Analyst, I excel in Symantec DLP, CrowdStrike, QRadar, Qualys, FireEye, Red Hat Linux, WebLogic, Python, and Bash. I am passionate.