How to install SSHGuard on an Ubuntu VPS

SSHGuard is very useful monitoring tool for preventing brute force attacks. SSHGuard reads log messages from standard input and determines malicious activities. If an attack is detected, the attacking IP address is immediately blocked in the firewall. In this article we will guide you through the steps of installing SSHGuard on an Ubuntu VPS and protecting your server against brute-force attacks.Excepts the SSH service as the name suggests, SHSGuard can also protect many services out of the box. Listed below are all services that can be protected by SSHGuard:

• SSH
• Sendmail
• Exim
• dovecot
• Cucipop
• UWimap (imap, pop)
• vsftpd
• proftpd
• pure-ftpd
• FreeBSD ftpd
• Request new!

Log in to your server as user root

ssh root@IP

Before proceeding any further it is best to start a screen session by executing the following command

screen -U -S sshguard

We will need to compile and install SSHGuard from source, so install the necessary packages

apt-get install gcc make

Make sure that all packages on your Ubuntu server are up to date

apt-get update
apt-get upgrade

Now, Change the current working directory and download the latest SSHGuard source to your server

cd /opt
wget http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2

Unpack the downloaded archive

bunzip2 sshguard-1.5.tar.bz2
tar -xvf sshguard-1.5.tar

All SSHGuard files will be unpacked in a new ‘sshguard-1.5’ directory. Go inside that directory and compile and install the source

cd sshguard-1.5
./configure –with-firewall=iptables
make && make install

This will install the sshguard binary on your server.

SSHGuard does not have its own configuration file so we need to configure it with Iptables. First of all create a new chain in iptables so SSHGuard can insert its blocking rules

iptables -N sshguard

Now update the INPUT chain to pass the traffic to the sshguard chain created in the previous step. This will tell iptables to block all traffic from the offending IP addresses

iptables -A INPUT -j sshguard

If you want to block the offending IP addresses only for a specific service such as SSH, pop, imap, ftp, etc… you can use the multiport iptables module. For example, if you want to block the traffic for the FTP service you can use the following command

iptables -A INPUT -m multiport -p tcp --destination-ports 21 -j sshguard

You can also block the offending IP addresses for multiple servives using the following command

iptables -A INPUT -m multiport -p tcp --destination-ports 22,25,21 -j sshguard

This rule will block the traffic for the SSH, mail and FTP services.

Once you configure iptables to block all services that you need, save the iptables configuration

service iptables save

That’s all. You can visit SSHGuard’s official documentation to learn how to configure SSHGuard according to your needs.

Of course you don’t have to do any of this if you use one of our Ubuntu Web Hosting services, in which case you can simply ask our expert Linux admins to install SSHGuard for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.