[tor-relays] Relay failed logins

Lars Noodén lars.nooden at gmail.com
Sun Feb 25 11:16:23 UTC 2018


On 02/24/2018 09:54 PM, Spiros Andreou wrote:
[snip]
> 1) install fail2ban which will block anyone who fails a login 3 times
> 2) move SSH to a non standard port (preferably >1000)
> 3) reconfigure SSH to only allow login with keys instead of passwords - generate and successfully test login with a key first before you set this option 
> 4) change the firewall to only allow logins from a specified IP address (yours if you have a static IP)
[snip]

1) Or else use SSHGuard which is a little easier.  I think fail2ban did
catch up with IPv6 support, which might or might not be relevant.

2) That quiets the logs for a while.  But even when you are found again
there won't be nearly as many attackers.

3) Using keys and prohibiting passwords is probably the single most
useful thing to make sure of here.  It's also very easy.

4) Locking the firewall to accept incoming from only specific IP
addresses isn't good if one moves around.


On 02/24/2018 09:36 PM, Olaf Grimm wrote:
[snip]
> Is this amount of attacks regular?
[snip]

When I ran a middle relay, it was constantly scanned quite heavily and
not just for SSH services.

My 2 cents.

/Lars
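
Added example, not part of Lars's message or the thread: a shell function that audits sshd_config text for point 3 (keys only, no passwords), following sshd's rule that the first value read for a keyword wins. The function name and the sample config are constructed for illustration; it checks only the global section and does not follow Include files or Match blocks.

```shell
#!/bin/sh
# Added example, not from the thread. Reads sshd_config text on stdin and
# reports whether password logins are really disabled in the global section.
audit_sshd_config() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    {
        sub(/=/, " ")                            # accept "Keyword=value"
        key = tolower($1); val = tolower($2)     # keywords are case-insensitive
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication" # older alias, same option
    }
    key == "match" { exit }                      # conditional blocks are not evaluated
    key == "port"  { ports = ports " " val; next }  # Port may legitimately repeat
    !(key in seen) { seen[key] = val }           # sshd keeps the first value it reads
    END {
        # Fallbacks are upstream OpenSSH defaults (assumption: the distribution
        # has not patched them and no Include file overrides them).
        bad  = check("passwordauthentication", "yes", "no")
        bad += check("kbdinteractiveauthentication", "yes", "no")
        bad += check("pubkeyauthentication", "yes", "yes")
        print "INFO port" (ports == "" ? " 22" : ports)
        exit (bad > 0)
    }
    function check(k, dflt, want,    v) {
        v = (k in seen) ? seen[k] : dflt
        print ((v == want) ? "OK   " : "FAIL ") k "=" v
        return (v != want)
    }'
}

# Constructed sample: the second PasswordAuthentication line is ignored by sshd.
audit_sshd_config <<'EOF'
Port 2222
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
EOF
```

On a live host, piping the output of `sshd -T` into the function audits the effective configuration rather than a single file.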

