First, choose any other port than 22, this will prevent hacking bots, which continually attack port 22 but you can choose any port you want, any number between 0 to 65535.  So, choose a number between 0 and 65535, for this example, I am going to use port 99.

First, type the following and add port  tcp to your firewall:


Next, edit the ssh config file by typing:

vi /etc/ssh/sshd_config

Change the following line:

# Port 22
Port 99

Next type:

service sshd restart

to restart SSH.  Next time you login, make sure to CHANGE PORT from 22 to the port you changed it to!

Next, MAKE SURE YOU HAVE A SECURE PASSWORD, if you do not, you can easily change your password by typing:

Try using a site like

Next, let’s put a brute force script to ban anyone trying to brute force attack your password, it will ban any IPs for 10 hours if they enter the wrong password 3 times in a row:

yum -y install epel-release;yum -y install fail2ban;systemctl enable fail2ban;cd /etc/fail2ban/;wget;systemctl restart fail2ban

After that type:
fail2ban-client status

The current values will ban any brute force attacks but if you want to change the parameters, you can change it here:
You can use Nano or Vi to edit the file.

Now, this tutorial has been made for noobs and beginners. If you are an expert, I do recommend using SSH keys which are more secure but with strong password and brute force script, you should be fine.

More info on Fail2ban here.

Above is for CentOS6, for CentOS7, see:

yum -y install epel-release;yum -y install fail2ban;chkconfig fail2ban on;cd /etc/fail2ban/;wget;service fail2ban start