On Sep 4, 2018, at 8:40 AM, Natus natus@riseup.net wrote:
Use some tool like fail2ban and/or ssh key authentication.
Also change the default port of your ssh endpoint (eg: 2222)
Using an obscure port only prevents attempts being logged, nothing else. And if you’re going to use an alternate port, pick one under 1024. Make it so an attacker needs to be root before they replace your sshd process.