I also found fail2ban had much less work to do, banning a handful a day, not a thousand, by stopping ssh password authentication and using private key authentication. Something I should have done from the start anyway. It seems that when a server sends a public key on attempted login and refuses password, it stops the kiddies/robots from trying anymore.
Gerry
-----Original Message-----
From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of Toralf Förster
Sent: 21 September 2020 14:53
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] SSH
On 9/21/20 1:52 PM, Logforme wrote:
> Change the SSH default port.
AFAICT that helped but only for a while. After a few weeks/months the non-default port is discovered (by a probably more extensible port scan) and the failed login attempts continued.