OpenSSH is the open-source implementation of the Secure Shell (SSH) protocol. It is based on a client-server
architecture and provides a secure and convenient way to connect to Linux and other Unix-like systems over the network.
OpenSSH is included in Windows and available as an optional system component in all Windows systems starting from
Windows 10 and Windows Server 2019. You may also install it on older Windows editions from the
official repository.
SSH on port 22 is probably the most common remote access protocol in the world, which makes it target #1 for hackers.
A new server with the SSH port exposed to the world is discovered within seconds and becomes the subject
of a brute-force attack immediately.
Here is how the Security event log looks after a couple of hours:
OpenSSH Brute-Force Attempts on Windows Server 2019
You may discover thousands of 4525 events with:
Failure Reason: - Unknown user name or bad password
Caller Process Name: - C:\Windows\System32\OpenSSH\sshd.exe
And this is how the OpenSSH Operational log looks:
SSH Brute-Force Attempts recorded in the OpenSSH Operational log
The OpenSSH Operational log may also contain thousands of events with the reason like below:
sshd: Failed password for invalid user <User Name> from <IP Address> port <Port> ssh2
These events indicate a brute-force attack on your server via the SSH protocol.
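An added example (not RdpGuard's code) showing how failures in the message format quoted above can be grouped by source address to spot a brute-force run. The record timestamps, the threshold of 5 failures within one minute, and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message format quoted on this page; "invalid user" is absent when the account exists.
FAILED = re.compile(
    r"sshd: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+) ssh2")

def parse(message):
    """Return (user, ip, is_invalid_user) for a failed-password line, else None."""
    m = FAILED.search(message)
    return (m["user"], m["ip"], m["invalid"] is not None) if m else None

def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """events: iterable of (datetime, message) in time order.
    Returns {ip: set of user names tried} for every source that reached
    `threshold` failures inside a sliding `window` (both values are assumptions)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> every user name that source has tried
    flagged = {}
    for ts, message in events:
        parsed = parse(message)
        if parsed is None:        # successful logons and unrelated records are skipped
            continue
        user, ip, _ = parsed
        users[ip].add(user)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = users[ip]
    return flagged

# Constructed sample records (documentation-range addresses), not real log data.
T0 = datetime(2024, 1, 1, 3, 0, 0)
SAMPLE = sorted(
    [(T0 + timedelta(seconds=2 * i),
      f"sshd: Failed password for invalid user {u} from 203.0.113.7 port {50000 + i} ssh2")
     for i, u in enumerate(["admin", "test", "oracle", "guest", "admin", "root"])]
    + [(T0 + timedelta(minutes=10 * i),
        f"sshd: Failed password for alice from 198.51.100.20 port {40000 + i} ssh2")
       for i in range(3)]
    + [(T0, "sshd: Accepted password for alice from 198.51.100.20 port 40100 ssh2")],
    key=lambda e: e[0])

if __name__ == "__main__":
    for ip, tried in find_bruteforce(SAMPLE).items():
        print(ip, sorted(tried))
```

The rapid run from one address is flagged, while the legitimate user who mistyped a password three times over twenty minutes is not.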
RdpGuard offers effective brute-force
protection for the OpenSSH server, allowing you to immediately stop brute-force attacks on your server via the SSH protocol.
For Windows Vista/7/8/8.1/10/11 and Windows Server 2008/2012/2016/2019/2022
To Enable OpenSSH Protection
1. Start RdpGuard Dashboard and click the link next to OpenSSH
Click the OpenSSH link
2. RdpGuard service will be restarted.
OpenSSH protection status will be changed to Enabled.