In this tutorial we will show you how to install and configuration of SSHGuard on your Ubuntu server. For those of you who didn’t know, SSHGuard is very useful monitoring tool for preventing brute force attacks. SSHGuard reads log messages from standard input and determines malicious activities. If an attack is detected, the attacking IP address is immediately blocked in the firewall. SSHGuard lightweight monitoring tool written in C language, so it’s uses less memory and CPU while running.
This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step by step installation SSHGuard on Linux Ubuntu server.
Install SSHGuard on Ubuntu
Step 1. First make sure that all your system packages are up-to-date by running these following apt-get commands in the terminal.
Step 2. Install SSHGuard.
Download the latest stable version of SSHGuard, At the moment of writing this article it is version 1.5-5:
SSHGuard files will be unpacked in a new ‘sshguard-1.5’ directory. Go inside that directory and compile and install the source:
Step 3. Configure SSHGuard.
The SHGuard does not have its own configuration file so we need to configure it with Iptables. All you have to do is create a new chain for SSHGuard in iptables to insert blocking rules:
Now update the INPUT chain to pass the traffic to the sshguard chain created in the previous step. This will tell iptables to block all traffic from the offending IP addresses:
If you want to block the offending IP addresses only for a specific service such as SSH, pop, imap, ftp, etc… You can use the multiport iptables module:
Once you configure iptables to block all services that you need, save the iptables configuration:
If you do not currently use iptables and just want to get sshguard up and running without any further impact on your system, these commands will create and save an iptables configuration that does absolutely nothing except allowing sshguard to work:
Congratulation’s! You have successfully installed SSHGuard. Thanks for using this tutorial for installing SSHGuard on Ubuntu system. For additional help or useful information, we recommend you to check the official SSHGuard web site.