{"id":211,"date":"2026-05-13T11:54:38","date_gmt":"2026-05-13T03:54:38","guid":{"rendered":"https:\/\/junai.ai\/blog\/linux-server-hardening-25\/"},"modified":"2026-05-13T11:54:38","modified_gmt":"2026-05-13T03:54:38","slug":"linux-server-hardening-25","status":"publish","type":"post","link":"https:\/\/junai.ai\/blog\/linux-server-hardening-25\/","title":{"rendered":"\ub9ac\ub205\uc2a4 \uc11c\ubc84 \ubcf4\uc548 \ud558\ub4dc\ub2dd \u2014 SSH\u00b7fail2ban (25\ud3b8)"},"content":{"rendered":"\n<!-- WordPress REST API \ubc1c\ud589\uc6a9 HTML (\uc790\ub3d9 \uc0dd\uc131) -->\n<!-- WP-FEATURED-MEDIA-ID: 205 -->\n<div style=\"max-width:800px;margin:0 auto;\">\n<style>\n:root{\n  --color-primary:#1e40af;--color-accent:#3b82f6;--color-bg:#fafafa;--color-bg-card:#ffffff;\n  --color-text:#1e293b;--color-text-muted:#64748b;--hero-start:#0f172a;--hero-end:#1e40af;\n  --font-body:-apple-system,BlinkMacSystemFont,'Apple SD Gothic Neo','Noto Sans KR',sans-serif;\n  --size-body:17px;--line-height:1.75;--h1-size:32px;--h2-size:27px;--h3-size:20px;\n}\n*{margin:0;padding:0;box-sizing:border-box;}\n.wrap{max-width:760px;margin:0 auto;padding:0 20px;}\n.hero{background:linear-gradient(135deg,var(--hero-start) 0%,var(--hero-end) 100%);color:#fff;padding:64px 0 56px;text-align:center;}\n.hero .eyebrow{display:inline-block;font-size:13px;letter-spacing:1px;text-transform:uppercase;color:#93c5fd;font-weight:700;margin-bottom:16px;}\n.hero h1{font-size:var(--h1-size);line-height:1.32;letter-spacing:-0.3px;font-weight:800;margin-bottom:18px;}\n.hero p.sub{font-size:18px;color:#cbd5e1;max-width:620px;margin:0 auto;}\n.hero .meta{margin-top:22px;font-size:14px;color:#94a3b8;}\n.hero-img{display:block;width:100%;height:auto;}\narticle{padding:48px 0 24px;}\narticle h2{font-size:var(--h2-size);line-height:1.35;letter-spacing:-0.3px;font-weight:800;margin:48px 0 18px;padding-left:14px;border-left:5px solid var(--color-primary);}\narticle h2:first-of-type{margin-top:8px;}\narticle 
h3{font-size:var(--h3-size);font-weight:700;margin:28px 0 10px;color:#0f172a;}\narticle p{margin:0 0 18px;}\narticle ul,article ol{margin:0 0 18px 4px;padding-left:22px;}\narticle li{margin-bottom:9px;}\narticle strong{color:#0f172a;font-weight:700;}\narticle a{color:var(--color-primary);text-decoration:underline;text-underline-offset:2px;}\narticle code{background:#0f172a;color:#e2e8f0;padding:2px 7px;border-radius:5px;font-size:0.9em;font-family:'SF Mono',Menlo,Consolas,monospace;}\n.intro p:first-child{font-size:19px;color:#334155;}\n.notice{background:#eef2ff;border:1px solid #c7d2fe;border-radius:10px;padding:14px 18px;margin:0 0 30px;font-size:15px;color:#3730a3;}\n.notice b{color:#312e81;}\n.tablewrap{overflow-x:auto;-webkit-overflow-scrolling:touch;margin:22px 0;}\ntable{width:100%;border-collapse:collapse;font-size:15px;background:var(--color-bg-card);}\nth,td{padding:11px 12px;text-align:left;border-bottom:1px solid #e2e8f0;vertical-align:top;}\nth{background:#f1f5f9;font-weight:700;color:#0f172a;}\ntd:first-child,th:first-child{font-weight:700;}\n@media (max-width:560px){\n  .tablewrap table,.tablewrap thead,.tablewrap tbody,.tablewrap tr,.tablewrap th,.tablewrap td{display:block;width:auto;}\n  .tablewrap thead{display:none;}\n  .tablewrap tr{margin:0 0 14px;border:1px solid #e2e8f0;border-radius:10px;overflow:hidden;}\n  .tablewrap td{border:none;border-bottom:1px solid #f1f5f9;padding:9px 14px;}\n  .tablewrap td:first-child{background:#f1f5f9;font-weight:800;font-size:15.5px;}\n  .tablewrap td:last-child{border-bottom:none;}\n  .tablewrap td[data-label]::before{content:attr(data-label) \" \u2014 \";font-weight:700;color:var(--color-primary);}\n}\n.databox{background:#eff6ff;border-left:4px solid var(--color-accent);border-radius:0 8px 8px 0;padding:16px 18px;margin:20px 0;font-size:15.5px;}\n.databox b{color:var(--color-primary);}\n.warnbox{background:linear-gradient(135deg,#fef2f2 0%,#fee2e2 100%);border-radius:10px;padding:16px 18px;margin:22px 
0;font-size:15.5px;color:#7f1d1d;}\n.cmd{background:#0f172a;color:#e2e8f0;border-radius:10px;padding:14px 16px;margin:14px 0;font-family:'SF Mono',Menlo,Consolas,monospace;font-size:14px;line-height:1.8;overflow-x:auto;-webkit-overflow-scrolling:touch;white-space:pre-wrap;}\n.cmd .c{color:#7dd3fc;}\n.cmd .o{color:#94a3b8;}\n.cmd .t{color:#fbbf24;}\n.cmd .k{color:#c084fc;}\n.cmd .r{color:#f87171;}\n.checklist{background:var(--color-bg-card);border:1px solid #e2e8f0;border-radius:12px;padding:18px 22px;margin:18px 0;}\n.checklist li{margin-bottom:9px;}\n.roadmap{background:var(--color-bg-card);border:1px solid #e2e8f0;border-radius:12px;padding:18px 20px;margin:24px 0;font-size:15px;}\n.roadmap h3{margin:0 0 10px;font-size:17px;color:#0f172a;}\n.roadmap ol{margin:0 0 0 4px;padding-left:20px;}\n.roadmap li{margin-bottom:5px;color:#475569;}\n.cta{background:#0f172a;color:#e2e8f0;border-radius:14px;padding:26px 24px;margin:40px 0 8px;text-align:center;}\n.cta h3{color:#fff;margin:0 0 8px;font-size:19px;}\n.cta p{margin:0 0 4px;font-size:15px;color:#cbd5e1;}\n.cta a{color:#93c5fd;}\nfooter{padding:30px 0 50px;text-align:center;color:var(--color-text-muted);font-size:13.5px;}\n@media (max-width:480px){:root{--h1-size:23px;--h2-size:20px;--size-body:16px;}.hero{padding:48px 0 40px;}article{padding:34px 0 16px;}.cmd{font-size:12.5px;}}\n<\/style>\n<header class=\"hero\">\n  <div class=\"wrap\">\n    <span class=\"eyebrow\">\uc6b0\ubd84\ud22c \u00b7 \ub9ac\ub205\uc2a4 \uc785\ubb38 \u2014 25\ud3b8 (\uace0\uae09)<\/span>\n    <h1>\ub9ac\ub205\uc2a4 \uc11c\ubc84 \ubcf4\uc548 \ud558\ub4dc\ub2dd \u2014 SSH\u00b7fail2ban\u00b7\uc790\ub3d9 \ud328\uce58\u00b7\ucd5c\uc18c \uad8c\ud55c<\/h1>\n    <p class=\"sub\">\uacf5\uac1c \uc11c\ubc84\ub97c \uc778\ud130\ub137\uc5d0 \ub744\uc6b0\ub294 \uc21c\uac04 \uc790\ub3d9 \uc2a4\uce90\ub108\uac00 \ub178\ub9bd\ub2c8\ub2e4. 
\ub744\uc6b4 \uc9c1\ud6c4 30\ubd84\uc774\uba74 \ud754\ud55c \uacf5\uaca9\uc740 \uac70\uc758 \ub9c9\uc744 \uc218 \uc788\uc5b4\uc694.<\/p>\n    <p class=\"meta\">2026\ub144 5\uc6d4 13\uc77c \u00b7 \uc57d 8\ubd84 \u00b7 26\ud3b8 \uc785\ubb38 \uc2dc\ub9ac\uc988 25\ud3b8<\/p>\n  <\/div>\n<\/header>\n\n<img decoding=\"async\" class=\"hero-img\" src=\"https:\/\/junai.ai\/blog\/wp-content\/uploads\/2026\/05\/hero-32.jpg\" alt=\"SSH \ud0a4 \uc778\uc99d\u00b7root \uae08\uc9c0\u00b7ufw\u00b7fail2ban\u00b7unattended-upgrades \uccb4\ud06c\ub9ac\uc2a4\ud2b8\uc640 auth.log\u00b7fail2ban-client \uc810\uac80 \uba85\ub839\uc774 \ubcf4\uc774\ub294 \ud130\ubbf8\ub110 \ud654\uba74 \uc77c\ub7ec\uc2a4\ud2b8 \u2014 \uc11c\ubc84 \ubcf4\uc548 \ud558\ub4dc\ub2dd\uc744 \uc0c1\uc9d5\">\n\n<div class=\"wrap\">\n<article>\n\n  <div class=\"intro\">\n    <p>\uc11c\ubc84\ub97c \uacf5\uac1c \uc778\ud130\ub137\uc5d0 \uc62c\ub9ac\uba74, \uba87 \ubd84 \uc548\uc5d0 \uc790\ub3d9 \uc2a4\uce90\ub108\uac00 SSH \ud3ec\ud2b8\ub97c \ub450\ub4dc\ub9ac\uae30 \uc2dc\uc791\ud569\ub2c8\ub2e4 \u2014 <code>auth.log<\/code>(24\ud3b8)\ub97c \uc5f4\uc5b4\ubcf4\uba74 &#8220;Failed password&#8221; \uac00 \ub05d\uc5c6\uc774 \ucc0d\ud600 \uc788\uc744 \uac70\uc608\uc694. \ucc9c\uc7ac \ud574\ucee4\uac00 \uc544\ub2c8\ub77c <strong>\uc2a4\ud06c\ub9bd\ud2b8<\/strong>\uac00 \uc57d\ud55c \uacf3\uc744 \ud6d1\ub294 \uac81\ub2c8\ub2e4. \ub2e4\ud589\ud788 \ub9c9\ub294 \uac74 \uc5b4\ub835\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4 \u2014 \uac70\uc758 \ub2e4 &#8220;\uc124\uc815 \uba87 \uc904 + \ud328\ud0a4\uc9c0 \ub450 \uac1c&#8221;\uc608\uc694.<\/p>\n    <div class=\"notice\"><b>\uba3c\uc800:<\/b> 9\ud3b8(\uad8c\ud55c)\u00b710\ud3b8(sudo)\u00b717\ud3b8(ufw)\u00b718\ud3b8(SSH \ud0a4)\u00b719\ud3b8(systemd)\u00b724\ud3b8(auth.log)\uc744 \ubd24\ub2e4\uba74 \uc774\uc5b4\uc9d1\ub2c8\ub2e4. 
\ud2b9\ud788 18\ud3b8\uc758 <strong>SSH \ud0a4\uac00 \uc774\ubbf8 \uc124\uc815\ub3fc \uc788\uc5b4\uc57c<\/strong> \ud569\ub2c8\ub2e4(\ud0a4 \uc5c6\uc774 \ube44\ubc88\uc744 \ub044\uba74 \uc7a0\uaca8\uc694). \uc21c\uc11c \u2014 <strong>\u2460 SSH \uac15\ud654 \u2192 \u2461 fail2ban \u2192 \u2462 \uc790\ub3d9 \ud328\uce58 + \ucd5c\uc18c \uad8c\ud55c \u2192 \u2463 \uc810\uac80 \uc2b5\uad00\u00b7\uccb4\ud06c\ub9ac\uc2a4\ud2b8<\/strong>.<\/div>\n  <\/div>\n\n  <h2>SSH \uac15\ud654 \u2014 \ud0a4\ub9cc, root \uae08\uc9c0<\/h2>\n  <p>\uacf5\uac1c \uc11c\ubc84\uc758 1\uc21c\uc704\ub294 SSH\uc785\ub2c8\ub2e4. 18\ud3b8\uc5d0\uc11c \ud0a4 \uc778\uc99d\uc744 \ub9cc\ub4e4\uc5c8\uc73c\ub2c8, \uc774\uc81c <strong>\ube44\ubc00\ubc88\ud638 \ub85c\uadf8\uc778\uc744 \ub044\uace0 root \uc9c1\uc811 \uc811\uc18d\uc744 \ub9c9\uc2b5\ub2c8\ub2e4.<\/strong> <code>sudo nano \/etc\/ssh\/sshd_config<\/code> \uc5d0\uc11c:<\/p>\n  <div class=\"cmd\"><span class=\"o\"># \/etc\/ssh\/sshd_config<\/span>\nPasswordAuthentication <span class=\"t\">no<\/span>      <span class=\"o\"># \ube44\ubc88 \ub85c\uadf8\uc778 \uae08\uc9c0 \u2014 \ud0a4\ub9cc (18\ud3b8\uc758 \ud0a4\uac00 \uc788\uc5b4\uc57c \ud568!)<\/span>\nPermitRootLogin <span class=\"t\">no<\/span>             <span class=\"o\"># root \ub85c \uc9c1\uc811 \uc811\uc18d \uae08\uc9c0 (\uc77c\ubc18 \uc0ac\uc6a9\uc790\ub85c \ub4e4\uc5b4\uc640\uc11c sudo)<\/span>\n<span class=\"o\">#Port 22<\/span>                       <span class=\"o\"># (\uc120\ud0dd) \ud3ec\ud2b8\ub97c 22 \uc678\ub85c \u2014 \uc790\ub3d9 \uc2a4\uce94\uc744 \uc880 \uc904\uc5ec\uc90c, \ud544\uc218\ub294 \uc544\ub2d8<\/span>\nAllowUsers <span class=\"t\">myuser<\/span>             <span class=\"o\"># (\uc120\ud0dd) \uc774 \uc0ac\uc6a9\uc790\ub9cc SSH \ud5c8\uc6a9 \u2014 \uc774\ub984 \ubc14\uafd4\uc11c<\/span><\/div>\n  <div class=\"cmd\"><span class=\"o\">$<\/span> sudo sshd -t                  <span class=\"o\"># \uc124\uc815 \ubb38\ubc95 \uac80\uc0ac (\uc5d0\ub7ec \uc5c6\uc5b4\uc57c 
\ud568)<\/span>\n<span class=\"o\">$<\/span> sudo systemctl restart ssh     <span class=\"o\"># \uc801\uc6a9 (\ub610\ub294 ssh.service)<\/span>\n<span class=\"o\">$<\/span> sudo sshd -T | grep -Ei 'passwordauthentication|permitrootlogin'   <span class=\"o\"># \uc2e4\uc81c \uc801\uc6a9 \uc124\uc815 \ud655\uc778 \u2014 sshd_config.d\/*.conf \uac00 \uc6b0\uc120\ud560 \uc218 \uc788\uc74c<\/span><\/div>\n  <div class=\"warnbox\"><strong>\u26a0\ufe0f \uc7a0\uae30\uc9c0 \uc54a\uac8c \u2014 \uc808\ub300 \uaddc\uce59:<\/strong> SSH \uc124\uc815\uc744 \ubc14\uafb8\uace0 <code>restart<\/code> \ud55c \ub4a4, <strong>\uc9c0\uae08 \uc138\uc158\uc744 \ub2eb\uc9c0 \ub9d0\uace0<\/strong> \uc0c8 \ud130\ubbf8\ub110\uc744 \uc5f4\uc5b4 \ub2e4\uc2dc \uc811\uc18d\uc774 \ub418\ub294\uc9c0 \ud655\uc778\ud558\uc138\uc694. \ub418\uba74 \uadf8\ub54c \uae30\uc874 \uc138\uc158\uc744 \ub2eb\uc2b5\ub2c8\ub2e4. \ud0a4\uac00 \uc798\ubabb\ub410\uac70\ub098 \uc124\uc815 \uc624\ud0c0\uac00 \uc788\uc73c\uba74 \uc0c8 \uc811\uc18d\ub9cc \ub9c9\ud788\uace0 \uae30\uc874 \uc138\uc158\uc740 \uc0b4\uc544 \uc788\uc5b4\uc11c \ubcf5\uad6c\ud560 \uc218 \uc788\uc5b4\uc694. \ud074\ub77c\uc6b0\ub4dc\ub77c\uba74 \ucf58\uc194(\uc6f9 \ud130\ubbf8\ub110) \uc811\uc18d\ubc95\ub3c4 \ubbf8\ub9ac \uc54c\uc544\ub450\uae30.<\/div>\n\n  <h2>fail2ban \u2014 \ubb34\ucc28\ubcc4 \ub300\uc785 \uc790\ub3d9 \ucc28\ub2e8<\/h2>\n  <p>\ud0a4\ub9cc \ud5c8\uc6a9\ud574\ub3c4 \uc2a4\uce90\ub108\ub294 \uacc4\uc18d \ub450\ub4dc\ub9bd\ub2c8\ub2e4(\ub85c\uadf8\uac00 \uc9c0\uc800\ubd84\ud574\uc9c0\uace0 \ubbf8\uc138\ud558\uac8c \ubd80\ud558). 
<code>fail2ban<\/code> \uc740 <code>auth.log<\/code>(24\ud3b8)\ub97c \uac10\uc2dc\ud558\ub2e4\uac00 <strong>\ub85c\uadf8\uc778 \uc2e4\ud328\uac00 \ubc18\ubcf5\ub418\ub294 IP\ub97c \uc77c\uc815 \uc2dc\uac04 \uc790\ub3d9 \ucc28\ub2e8<\/strong>\ud569\ub2c8\ub2e4(\ubc29\ud654\ubcbd \uaddc\uce59\uc744 \uc790\ub3d9\uc73c\ub85c \ucd94\uac00):<\/p>\n  <div class=\"cmd\"><span class=\"o\">$<\/span> sudo apt install fail2ban           <span class=\"o\"># \uc124\uce58 (11\ud3b8)<\/span>\n<span class=\"o\">$<\/span> sudo nano \/etc\/fail2ban\/jail.local   <span class=\"o\"># \uc0ac\uc6a9\uc790 \uc124\uc815\uc740 jail.local \uc5d0 (jail.conf \ub294 \uac74\ub4dc\ub9ac\uc9c0 \uc54a\uc74c)<\/span><\/div>\n  <div class=\"cmd\"><span class=\"o\"># \/etc\/fail2ban\/jail.local<\/span>\n<span class=\"k\">[DEFAULT]<\/span>\n<span class=\"o\"># \ucc28\ub2e8 \uc2dc\uac04 (\ubc18\ubcf5 \uc704\ubc18 \uc2dc \ub298\ub9ac\ub824\uba74 bantime.increment = true)<\/span>\nbantime  = <span class=\"t\">1h<\/span>\n<span class=\"o\"># \uc774 \uc2dc\uac04 \uc548\uc5d0<\/span>\nfindtime = <span class=\"t\">10m<\/span>\n<span class=\"o\"># 5\ubc88 \uc2e4\ud328\ud558\uba74 \ucc28\ub2e8<\/span>\nmaxretry = <span class=\"t\">5<\/span>\n\n<span class=\"k\">[sshd]<\/span>\n<span class=\"o\"># SSH \ubcf4\ud638 \ucf1c\uae30 (\uae30\ubcf8 jail)<\/span>\nenabled = <span class=\"t\">true<\/span><\/div>\n  <div class=\"cmd\"><span class=\"o\">$<\/span> sudo systemctl restart fail2ban\n<span class=\"o\">$<\/span> sudo fail2ban-client status sshd     <span class=\"o\"># \ud604\uc7ac \ucc28\ub2e8\ub41c IP \ubaa9\ub85d\u00b7\ud1b5\uacc4<\/span>\n<span class=\"o\">$<\/span> sudo fail2ban-client set sshd unbanip 1.2.3.4   <span class=\"o\"># \uc2e4\uc218\ub85c \ub0b4 IP\uac00 \ub9c9\ud614\uc73c\uba74 \ud480\uae30<\/span><\/div>\n  <p>\uc774\uac78\ub85c &#8220;Failed password&#8221; \ud3ed\uaca9\uc774 \uba87 \ubc88 \ub9cc\uc5d0 \ub04a\uae41\ub2c8\ub2e4. 
(nginx\u00b7\uc6b0\ud3b8 \uc11c\ubc84 \ub4f1 \ub2e4\ub978 \uc11c\ube44\uc2a4\uc6a9 jail \ub3c4 \uc788\uc5b4\uc694 \u2014 \uac19\uc740 \ud615\uc2dd\uc73c\ub85c \ucd94\uac00.)<\/p>\n\n  <h2>\uc790\ub3d9 \ubcf4\uc548 \ud328\uce58 + \ucd5c\uc18c \uad8c\ud55c<\/h2>\n  <p><strong>\uc790\ub3d9 \ubcf4\uc548 \ud328\uce58 \u2014 unattended-upgrades.<\/strong> \uc54c\ub824\uc9c4 \ucde8\uc57d\uc810\uc740 \ud328\uce58\ub9cc \ube68\ub9ac \uc801\uc6a9\ud574\ub3c4 \ub300\ubd80\ubd84 \ub9c9\ud799\ub2c8\ub2e4. &#8220;\ubcf4\uc548 \uc5c5\ub370\uc774\ud2b8\ub9cc&#8221; \uc790\ub3d9\uc73c\ub85c \uae54\uac8c \uc124\uc815:<\/p>\n  <div class=\"cmd\"><span class=\"o\">$<\/span> sudo apt install unattended-upgrades\n<span class=\"o\">$<\/span> sudo dpkg-reconfigure -plow unattended-upgrades   <span class=\"o\"># \ud65c\uc131\ud654 (Yes)<\/span>\n<span class=\"o\"># \/etc\/apt\/apt.conf.d\/50unattended-upgrades \u2014 \ubcf4\uc548\ub9cc vs \uc77c\ubc18\uae4c\uc9c0, \uc790\ub3d9 \uc7ac\ubd80\ud305 \uc5ec\ubd80 \ub4f1 \uc870\uc815<\/span>\n<span class=\"o\">$<\/span> sudo unattended-upgrade --dry-run -d           <span class=\"o\"># \ubb58 \uae54\uc9c0 \ubbf8\ub9ac\ubcf4\uae30<\/span><\/div>\n  <p><strong>\ucd5c\uc18c \uad8c\ud55c \u2014 &#8220;\ud544\uc694\ud55c \ub9cc\ud07c\ub9cc&#8221;.<\/strong> \ubcf4\uc548\uc758 \uc808\ubc18\uc740 \uad8c\ud55c\uc744 \uc881\ud788\ub294 \uac83\uc785\ub2c8\ub2e4(9\u00b710\u00b717\u00b719\ud3b8\uc758 \uc885\ud569):<\/p>\n  <ul>\n    <li><strong>root \ub85c \uc0b4\uc9c0 \ub9d0 \uac83<\/strong> \u2014 \uc704 SSH\uc758 <code>PermitRootLogin no<\/code>. \uc77c\uc0c1\uc740 \uc77c\ubc18 \uc0ac\uc6a9\uc790, \ud544\uc694\ud560 \ub54c\ub9cc <code>sudo<\/code>(10\ud3b8). 
<code>su -<\/code> \ub85c root \uc178\uc744 \ub744\uc6cc \ub193\uace0 \uc791\uc5c5\ud558\uc9c0 \uc54a\uae30.<\/li>\n    <li><strong>\uc11c\ube44\uc2a4\ub294 \uc804\uc6a9 \uacc4\uc815\uc73c\ub85c<\/strong> \u2014 \uc6f9\uc571\u00b7\ub370\ubaac\uc744 root \ub85c \ub3cc\ub9ac\uc9c0 \ub9d0\uace0 \uadf8 \uc11c\ube44\uc2a4\uc6a9 \uacc4\uc815\uc73c\ub85c(19\ud3b8\uc758 systemd \uc720\ub2db\uc5d0\uc11c <code>User=<\/code>). \ub6ab\ub824\ub3c4 \ud53c\ud574\uac00 \uadf8 \uacc4\uc815 \ubc94\uc704\ub85c \ud55c\uc815.<\/li>\n    <li><strong>\ud30c\uc77c \uad8c\ud55c \ucd5c\uc18c<\/strong> \u2014 9\ud3b8: \ub514\ub809\ud1a0\ub9ac <code>755<\/code>\u00b7\ud30c\uc77c <code>644<\/code> \uae30\ubcf8, \ube44\ubc00\uc774 \ub4e0 \ud30c\uc77c(\ud0a4\u00b7<code>.env<\/code>)\uc740 <code>600<\/code>(<code>chmod 600 .env<\/code>). <code>777<\/code> \uc740 \uac70\uc758 \ud56d\uc0c1 \uc798\ubabb\ub41c \uc2e0\ud638.<\/li>\n    <li><strong>\uc548 \uc4f0\ub294 \uc11c\ube44\uc2a4\u00b7\ud3ec\ud2b8\ub294 \ub048\ub2e4<\/strong> \u2014 <code>systemctl disable --now \uc4f8\ub370\uc5c6\ub294\uc11c\ube44\uc2a4<\/code>(19\ud3b8), \uadf8\ub9ac\uace0 <code>ufw<\/code> \uae30\ubcf8 \uc815\ucc45\uc740 <code>deny incoming<\/code> + \ud544\uc694\ud55c \ud3ec\ud2b8\ub9cc <code>allow<\/code>(17\ud3b8). 
\uc548 \uc5f4\ub824 \uc788\uc73c\uba74 \uc548 \ub6ab\ub9bd\ub2c8\ub2e4.<\/li>\n  <\/ul>\n\n  <h2>\uc810\uac80 \uc2b5\uad00 + \uc885\ud569 \uccb4\ud06c\ub9ac\uc2a4\ud2b8<\/h2>\n  <p>\uac00\ub054(\uc8fc 1\ud68c \uc815\ub3c4) \uc774\uac78 \ubd05\ub2c8\ub2e4 \u2014 24\ud3b8\uc758 \ub85c\uadf8 \ubcf4\uae30\uac00 \uc5ec\uae30\uc11c \uc4f0\uc5ec\uc694:<\/p>\n  <div class=\"cmd\"><span class=\"o\">$<\/span> sudo grep <span class=\"t\">\"Failed password\"<\/span> \/var\/log\/auth.log | tail -20   <span class=\"o\"># \ub204\uac00, \uc5b4\ub514\uc11c \ub178\ub9ac\ub098<\/span>\n<span class=\"o\">$<\/span> sudo grep <span class=\"t\">\"Accepted\"<\/span> \/var\/log\/auth.log | tail            <span class=\"o\"># \uc2e4\uc81c\ub85c \ub204\uac00 \ub85c\uadf8\uc778\ud588\ub098 (\ub0af\uc120 \uac8c \uc788\uc73c\uba74 \ube44\uc0c1)<\/span>\n<span class=\"o\">$<\/span> last -n 20                                  <span class=\"o\"># \ucd5c\uadfc \ub85c\uadf8\uc778 \uae30\ub85d<\/span>\n<span class=\"o\">$<\/span> sudo ss -tlnp                               <span class=\"o\"># \uc9c0\uae08 \uc5f4\ub824\uc11c \ub4e3\uace0 \uc788\ub294 \ud3ec\ud2b8 \u2014 \ubaa8\ub974\ub294 \uac8c \uc788\uc73c\uba74 \uc870\uc0ac<\/span>\n<span class=\"o\">$<\/span> apt list --upgradable 2>\/dev\/null | grep -i security   <span class=\"o\"># \ub300\uae30 \uc911\uc778 \ubcf4\uc548 \uc5c5\ub370\uc774\ud2b8<\/span>\n<span class=\"o\">$<\/span> sudo fail2ban-client status sshd            <span class=\"o\"># \ucc28\ub2e8 \ud65c\ub3d9<\/span><\/div>\n  <div class=\"checklist\">\n    <strong>\uacf5\uac1c \uc11c\ubc84 \ub744\uc6b4 \uc9c1\ud6c4 \uccb4\ud06c\ub9ac\uc2a4\ud2b8<\/strong>\n    <ol>\n      <li>SSH \ud0a4 \uc124\uc815(18\ud3b8) \u2192 <code>PasswordAuthentication no<\/code> + <code>PermitRootLogin no<\/code> \u2192 restart \u2192 <strong>\uc0c8 \uc138\uc158\uc73c\ub85c \uc811\uc18d \ud655\uc778 \ud6c4<\/strong> \uae30\uc874 \uc138\uc158 \ub2eb\uae30<\/li>\n      
<li><code>ufw<\/code> \uae30\ubcf8 deny incoming + \ud544\uc694\ud55c \ud3ec\ud2b8\ub9cc allow(17\ud3b8) \u2192 <code>ufw status<\/code> \ub85c \ud655\uc778<\/li>\n      <li><code>apt install fail2ban<\/code> \u2192 <code>jail.local<\/code> \uc5d0 <code>[sshd] enabled=true<\/code> + maxretry\/bantime<\/li>\n      <li><code>apt install unattended-upgrades<\/code> \u2192 \ud65c\uc131\ud654 (\ubcf4\uc548 \ud328\uce58 \uc790\ub3d9)<\/li>\n      <li>root \uc548 \uc500 \/ \uc11c\ube44\uc2a4 \uc804\uc6a9 \uacc4\uc815 \/ <code>.env<\/code>\u00b7\ud0a4 \ud30c\uc77c <code>chmod 600<\/code> \/ \uc548 \uc4f0\ub294 \uc11c\ube44\uc2a4 disable<\/li>\n      <li>(\uc120\ud0dd) \ud074\ub77c\uc6b0\ub4dc \ucf58\uc194 \uc811\uc18d\ubc95 \uc219\uc9c0 \u2014 SSH \uc7a0\uacbc\uc744 \ub54c \ubcf5\uad6c\uc6a9<\/li>\n    <\/ol>\n  <\/div>\n  <div class=\"warnbox\"><strong>\uc194\uc9c1\ud788:<\/strong> \uc704\ub97c \ub2e4 \ud574\ub3c4 100% \uc548\uc804\uc740 \uc5c6\uc2b5\ub2c8\ub2e4 \u2014 \uc778\ud130\ub137\uc774 \uc788\ub294 \ud55c \ub204\uad70\uac00\ub294 \uc0c8 \ube48\ud2c8\uc744 \ucc3e\uc544\uc694. \ub2e4\ub9cc \uc774 \ubaa9\ub85d\uc740 <strong>&#8220;\uc790\ub3d9 \uc2a4\ud06c\ub9bd\ud2b8\uac00 \ub178\ub9ac\ub294 \ud754\ud55c \ube48\ud2c8&#8221;\uc758 \ub300\ubd80\ubd84<\/strong>\uc744 \ub9c9\uc2b5\ub2c8\ub2e4(\uc57d\ud55c \ube44\ubc88, \ubb34\ucc28\ubcc4 \ub300\uc785, \ud328\uce58 \uc548 \ud55c \ucde8\uc57d\uc810, \uacfc\ud55c \uad8c\ud55c). \uadf8\uac83\ub9cc\uc73c\ub85c\ub3c4 \ud45c\uc801\uc5d0\uc11c \ud55c\ucc38 \uba40\uc5b4\uc9d1\ub2c8\ub2e4. 
\ub354 \uae4a\uc740 \uac74(SELinux\/AppArmor, \uce68\uc785 \ud0d0\uc9c0, \ubcf4\uc548 \uac10\uc0ac \ub3c4\uad6c \ub4f1) \uc6b4\uc601 \uaddc\ubaa8\uac00 \ucee4\uc9c0\uba74 \ub530\ub85c \u2014 \uc785\ubb38 \uc2dc\ub9ac\uc988\uc758 \ubc94\uc704\ub294 \uc5ec\uae30\uae4c\uc9c0\uc785\ub2c8\ub2e4.<\/div>\n  <div class=\"roadmap\">\n    <h3>\uc2dc\ub9ac\uc988 \ud750\ub984<\/h3>\n    <ol>\n      <li>1~24\ud3b8 \uc785\ubb38~\uace0\uae09(\uc2a4\ud06c\ub9bd\ud2b8\u00b7\ud14d\uc2a4\ud2b8 \ucc98\ub9ac\u00b7\ub85c\uadf8\u00b7\ubaa8\ub2c8\ud130\ub9c1) \u2714 &nbsp; <strong>25\ud3b8 \uc11c\ubc84 \ubcf4\uc548 \ud558\ub4dc\ub2dd (\uc774 \uae00)<\/strong> \u2714<\/li>\n      <li>26\ud3b8 \u2014 \ub3c4\ucee4 \uc785\ubb38 on Ubuntu (\uc774\ubbf8\uc9c0\u00b7\ucee8\ud14c\uc774\ub108\u00b7\ubcfc\ub968\u00b7compose) \u2014 <strong>26\ud3b8 \uc785\ubb38 \uc2dc\ub9ac\uc988 \uc644\uacb0<\/strong><\/li>\n    <\/ol>\n  <\/div>\n  <p>\uc815\ub9ac\ud558\uba74 \u2014 \uc11c\ubc84 \ubcf4\uc548\uc758 \uae30\ubcf8\uae30\ub294 \u2460 SSH\ub294 \ud0a4\ub9cc\u00b7root \uae08\uc9c0 \u2461 fail2ban\uc73c\ub85c \ubb34\ucc28\ubcc4 \ub300\uc785 \ucc28\ub2e8 \u2462 unattended-upgrades\ub85c \ubcf4\uc548 \ud328\uce58 \uc790\ub3d9 \u2463 \uad8c\ud55c\uc740 \ud544\uc694\ud55c \ub9cc\ud07c\ub9cc(root \uc548 \uc500\u00b7\uc804\uc6a9 \uacc4\uc815\u00b7\ucd5c\uc18c \ud30c\uc77c \uad8c\ud55c\u00b7\uc548 \uc4f0\ub294 \uc11c\ube44\uc2a4 off) \u2464 auth.log\u00b7\uc5f4\ub9b0 \ud3ec\ud2b8 \uac00\ub054 \uc810\uac80. \uc704 \uccb4\ud06c\ub9ac\uc2a4\ud2b8\ub97c \ub744\uc6b4 \ub0a0 30\ubd84 \uc548\uc5d0 \ub05d\ub0b4\ub450\uba74, &#8220;\uc5b4\ub290 \ub0a0 \uac11\uc790\uae30 \ud138\ub9ac\ub294&#8221; \uc77c\uc758 \ub300\ubd80\ubd84\uc774 \uc0ac\ub77c\uc9d1\ub2c8\ub2e4. 
\ub9c8\uc9c0\ub9c9 26\ud3b8\uc5d0\uc11c\ub294 \ub3c4\ucee4\ub85c \uc571\uc744 \ucee8\ud14c\uc774\ub108\uc5d0 \ub2f4\uc544 \ub354 \uae54\ub054\ud558\uac8c(\uadf8\ub9ac\uace0 \uaca9\ub9ac\ud574\uc11c) \uc6b4\uc601\ud558\ub294 \ubc95\uc744 \ubd05\ub2c8\ub2e4.<\/p>\n\n  <p style=\"font-size:15px;color:#64748b;\">\ucc38\uace0: \ubcf8 \uae00\uc740 \uc6b0\ubd84\ud22c(systemd\u00b7OpenSSH\u00b7UFW) \uae30\uc900\uc774\uba70 2026\ub144 5\uc6d4 13\uc77c\uc5d0 \uc791\uc131\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \ud074\ub77c\uc6b0\ub4dc \uc778\uc2a4\ud134\uc2a4\ub294 \ubcf4\uc548 \uadf8\ub8f9\/\ubc29\ud654\ubcbd\uc774 \ubcc4\ub3c4\ub85c \uc788\uc744 \uc218 \uc788\uace0, \uad6c\uccb4\uc801 \uce68\ud574 \ub300\uc751\uc740 KISA \ubcf4\ud638\ub098\ub77c\u00b7\uad00\uacc4 \uae30\uad00\uacfc \uc0c1\ub2f4\ud558\uc138\uc694.<\/p>\n\n  <div class=\"cta\">\n    <h3>\uc6b0\ubd84\ud22c\u00b7\ub9ac\ub205\uc2a4 \uc785\ubb38 \uc2dc\ub9ac\uc988<\/h3>\n    <p>\uacf5\uac1c \uc11c\ubc84 \ub744\uc6b4 \uc9c1\ud6c4 30\ubd84 \uccb4\ud06c\ub9ac\uc2a4\ud2b8 \u2014 25\ud3b8\uc785\ub2c8\ub2e4. 
\ub2e4\uc74c 26\ud3b8 &#8220;\ub3c4\ucee4 \uc785\ubb38 on Ubuntu&#8221;\ub85c 26\ud3b8 \uc785\ubb38 \uc2dc\ub9ac\uc988\uac00 \uc644\uacb0\ub429\ub2c8\ub2e4.<\/p>\n    <p>\ub9c8\uc9c0\ub9c9 \ud3b8\uc740 <a href=\"https:\/\/junai.ai\/blog\" target=\"_blank\" rel=\"noopener\">junai.ai\/blog<\/a> \uc5d0\uc11c.<\/p>\n  <\/div>\n\n<\/article>\n<\/div>\n\n<footer>\n  <div class=\"wrap\">\u00a9 2026 JUNAI \u00b7 \uc6b0\ubd84\ud22c\u00b7\ub9ac\ub205\uc2a4 \uc785\ubb38 \uc2dc\ub9ac\uc988 25\ud3b8 \u00b7 \ubcf8 \uae00\uc740 2026\ub144 5\uc6d4 13\uc77c \uae30\uc900\uc73c\ub85c \uc791\uc131\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/div>\n<\/footer>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\uacf5\uac1c \uc11c\ubc84 \ub744\uc6b4 \uc9c1\ud6c4 30\ubd84 \uccb4\ud06c\ub9ac\uc2a4\ud2b8 \u2014 SSH \ud0a4 \uc778\uc99d\u00b7root \uae08\uc9c0\u00b7fail2ban\u00b7\uc790\ub3d9 \ubcf4\uc548 \ud328\uce58\u00b7\ucd5c\uc18c \uad8c\ud55c\u00b7\uc810\uac80 \uc2b5\uad00. \ub9ac\ub205\uc2a4 \uc785\ubb38 25\ud3b8.<\/p>\n","protected":false},"author":1,"featured_media":205,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":["post-211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu-linux"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/posts\/211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/comments?post=211"}],"version-history":[{"count":0,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/posts\/211\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/junai.ai\/bl
og\/wp-json\/wp\/v2\/media\/205"}],"wp:attachment":[{"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/media?parent=211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/categories?post=211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/junai.ai\/blog\/wp-json\/wp\/v2\/tags?post=211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}