secured ssh – ufw, sshguard


You will have open only specified ports, example 80 for web, and 54321 for ssh login.
Others ports will be closed. But if somebody will create brutal force attack on port 54321 – sshguard will terminate him 🙂

Now to login you have to use command

ssh user@ip -p54321


  1. In file /etc/ssh/sshd_config – change port from 22 to for example 54321 then
    /etc/init.d/ssh restart
  2. Instal sshguard/ufw
    apt-get update  && apt-get install -y  ufw sshguard

  3. Configure sshguard
    iptables -N sshguar
    ip6tables -N sshguard
    iptables -A INPUT -j sshguard
    ip6tables -A INPUT -j sshguard
  4. Whitelist sshguard, add yours ip to
  5. Configure ufw
    sudo ufw allow 80
    sudo ufw allow 54321 <your ssh port