[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH login attempts

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH login attempts
From: Lars Noodén <lars.nooden@xxxxxxxxx>
Date: Tue, 4 Sep 2018 15:49:08 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Sep 2018 08:49:18 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=wEN9zKdTGww40gqXYYX02vaLIgzgWZOF+cm3XWAG5Eg=; b=plA+NFpJUpUGNnbxpW2JEATasHcZ7SWeIfjdhHSHhjhrdobflHTTqgjTJwik81H7VW G99CQNL0OH5sNMULRbXx25mR4MvDMT6riCHNhMastxN2kdslskDiZxcG7ukxH3z2M/FB 7yH93j1SyaSPUjnBdT/mV2ap7m4NKq9XYHpAnCJuZNRCMoN8NpF5+su2NpSyiFAVKyLJ D7pwgX65eiZ/OpJbitTA970kErmAkEm1iS4kcCph+r4qCXFqUf3YzjPJcPg7ph7VBeQr PtcHr+7DM2Yt5/x4AYyDqfefzIpt5VRZ10uMuEyrW9hqegrkGakpRfaFGHfasJ4ztiQR bYQQ==
In-reply-to: <11912E06-2EDA-42AB-97D0-46172A043CF5@mailbox.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <9FAA393D-380B-4C0A-B4AF-76C0EE9E8BAD@mailbox.org> <732405187.141449.1536064730373.JavaMail.zimbra@apawc.com.au> <11912E06-2EDA-42AB-97D0-46172A043CF5@mailbox.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

On 09/04/2018 03:41 PM, Marcus wrote:
> Thanks Paul,
> I use fai2ban, but this amount of failed logins is new to me.
> Marcus

The failed logins are business as usual.  If the machine is on the net,
then bots will find it no matter where it is or which port it listens
on.  But they usually move on after a while, too.

While running fail2ban/sshguard helps, and changing the port helps
slightly, the biggest change you can make if you haven't done it already
is to use key-based authentication and turn off password based
authentication, at least for the outward facing address(es) on your box.
 It seems that many bots can tell when the SSH daemon will not respond
to passwords and move on without trying to actually log in.

/Lars
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] SSH login attempts
  - From: Marcus Wahle
- Re: [tor-relays] SSH login attempts
  - From: Paul Templeton
- Re: [tor-relays] SSH login attempts
  - From: Marcus

Next by Author: Re: [tor-relays] Multi node management programs/platforms?
Previous by thread: Re: [tor-relays] SSH login attempts
Next by thread: Re: [tor-relays] SSH login attempts
Index(es):
- Author
- Thread