{"id":18520323,"url":"https://github.com/hmes98318/ssh_secure","last_synced_at":"2026-05-19T19:02:39.922Z","repository":{"id":184233857,"uuid":"671521860","full_name":"hmes98318/ssh_secure","owner":"hmes98318","description":"Linux server script used to blacklist IP addresses of malicious attempts for brute-force SSH attacks","archived":false,"fork":false,"pushed_at":"2023-08-24T17:47:20.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-14T17:12:52.240Z","etag":null,"topics":["secure","shell-script","ssh"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hmes98318.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-07-27T14:04:55.000Z","updated_at":"2023-07-27T15:37:38.000Z","dependencies_parsed_at":"2024-12-25T23:27:12.915Z","dependency_job_id":"3a144fba-e21d-497e-ae45-2d1c84f9c1b5","html_url":"https://github.com/hmes98318/ssh_secure","commit_stats":null,"previous_names":["hmes98318/ssh_secure"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmes98318%2Fssh_secure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmes98318%2Fssh_secure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmes98318%2Fssh_secure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hmes98318%2Fssh_secure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hmes98318","download_url":"https://codeload.github.com/hmes98318/ssh_secure/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254190422,"owners_count":22029635,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["secure","shell-script","ssh"],"created_at":"2024-11-06T17:19:47.990Z","updated_at":"2026-05-19T19:02:34.899Z","avatar_url":"https://github.com/hmes98318.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ssh_secure\n**ssh_secure** is a shell script that automatically adds suspicious IP addresses to a blacklist to protect your SSH server from brute-force attacks.\n\n\n## Compatibility\n\nThis script is intended to work on CentOS 7.  \nFor Rocky Linux 9, additional steps are required to install `tcp_wrappers`.  \nPlease refer to the following link for guidance: [How to Filter SSH Connections with hosts.allow on Rocky Linux 8](https://zedt.eu/tech/linux/how-to-filter-ssh-connections-with-hosts-allow-on-rocky-linux-8/).\n\n\n## Usage\n\n1. Clone the repository or download the script to your desired location.\n2. Make the script executable: `chmod +x ssh_secure.sh`.\n3. Use root privileges to set up a crontab for automating the script.  \n\nSet up the `ssh_deny.sh` script to run every minute. It collects IP addresses from `/var/log/secure` and adds them to the `/etc/hosts.deny` file, effectively blacklisting them.\n```bash\n* * * * * /root/ssh_deny.sh\n```\n\nSet up the `firewall_drop.sh` script to run every five minutes. It retrieves the blacklisted IP addresses from `/etc/hosts.deny` and adds firewall rules to drop incoming traffic from these IPs.\n```bash\n*/5 * * * * /root/firewall_drop.sh\n```\n\n\u003e **Note:** In order for the `firewall_drop.sh` script to work effectively, the `ssh_deny.sh` script must be run periodically to update the `/etc/hosts.deny` file.\n\n\n## Contributing\n\nContributions to this project are welcome. If you find any issues or have suggestions for improvements, feel free to open an issue or submit a pull request.\n\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhmes98318%2Fssh_secure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhmes98318%2Fssh_secure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhmes98318%2Fssh_secure/lists"}