[tor-relays] SSH login attempts
Lars Noodén
lars.nooden at gmail.com
Tue Sep 4 12:49:08 UTC 2018
On 09/04/2018 03:41 PM, Marcus wrote:
> Thanks Paul,
> I use fai2ban, but this amount of failed logins is new to me.
> Marcus
The failed logins are business as usual. If the machine is on the net,
then bots will find it no matter where it is or which port it listens
on. But they usually move on after a while, too.
While running fail2ban/sshguard helps, and changing the port helps
slightly, the biggest change you can make if you haven't done it already
is to use key-based authentication and turn off password based
authentication, at least for the outward facing address(es) on your box.
It seems that many bots can tell when the SSH daemon will not respond
to passwords and move on without trying to actually log in.
/Lars
More information about the tor-relays
mailing list