Use fail2ban to protect your RHEL servers from ssh brute-forcers
$ sudo yum -y install epel-release
$ sudo yum -y install fail2ban
$ sudo systemctl enable --now fail2ban.service
Edit the config file to set the jail
$ sudo vim /etc/fail2ban/jail.local
Here is a sample config that bans ssh brute force hosts for 1 hour.
[DEFAULT]
bantime = 3600
banaction = iptables-multiport

[sshd]
enabled = true
You can also define maxretry in the config.
Reload the service
$ sudo systemctl restart fail2ban.service
Query the jail
You can query the ban list by doing:
$ sudo fail2ban-client status sshd
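
To see how maxretry and bantime interact, here is a simplified model of the ban decision, run over constructed log lines. It is an added example, not fail2ban's own code. Assumptions: findtime is a real fail2ban option that this page does not set, the values maxretry = 3 and findtime = 600 are chosen for the demo, the regex is a simplified stand-in for the real sshd filter, and month names are parsed in an English/C locale.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for the sshd filter (assumption, not fail2ban's real regex).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample lines in /var/log/secure style (documentation IP ranges).
SAMPLE_LOG = """\
Mar  4 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40110 ssh2
Mar  4 10:00:09 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar  4 10:00:20 web1 sshd[2107]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  4 10:00:31 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 40120 ssh2
Mar  4 10:20:00 web1 sshd[2300]: Failed password for alice from 198.51.100.7 port 51010 ssh2
Mar  4 10:21:00 web1 sshd[2304]: Accepted password for alice from 198.51.100.7 port 51012 ssh2
Mar  4 11:05:00 web1 sshd[2400]: Failed password for root from 203.0.113.5 port 40200 ssh2
"""

def simulate(log_text, maxretry=3, findtime=600, bantime=3600, year=2024):
    """Return (ip, ban_start, ban_end) for each ban the settings would trigger."""
    recent = defaultdict(deque)      # ip -> failure times still inside findtime
    banned_until, bans = {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                 # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ts < banned_until.get(ip, datetime.min):
            continue                 # host is still banned at this time
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()         # forget failures older than findtime
        if len(window) >= maxretry:  # maxretry failures inside findtime -> ban
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

With these values only 203.0.113.5 is banned: the two failures from 198.51.100.7 are more than findtime apart, and the 11:05 failure from 203.0.113.5 arrives after its one-hour ban has expired, so counting starts over.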