4 Sep
2018
4 Sep
'18
12:49 p.m.
On 09/04/2018 03:41 PM, Marcus wrote:
Thanks Paul, I use fai2ban, but this amount of failed logins is new to me. Marcus
The failed logins are business as usual. If the machine is on the net, then bots will find it no matter where it is or which port it listens on. But they usually move on after a while, too.
While running fail2ban/sshguard helps, and changing the port helps slightly, the biggest change you can make if you haven't done it already is to use key-based authentication and turn off password based authentication, at least for the outward facing address(es) on your box. It seems that many bots can tell when the SSH daemon will not respond to passwords and move on without trying to actually log in.
/Lars