[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH

To: <tor-relays@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] SSH
From: "Dr Gerard Bulger" <gerard@xxxxxxxxxxxx>
Date: Mon, 21 Sep 2020 15:29:45 +0100
Authentication-results: bulger.co.uk; spf=pass (sender IP is 2a01:4b00:a40a:4a00:82c:6ce0:35a2:e11) smtp.mailfrom=gerard@xxxxxxxxxxxx smtp.helo=DESKTOP0274C16
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 21 Sep 2020 23:28:36 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bulger.co.uk; s=default; t=1600698586; bh=+VefttDmfa3veBf3P9uhZbC53yePQ5gXhL3Ex6KprYY=; h=From:To:Subject; b=RDLX84ELwqPeMrKv67qFTvlIeu0VkxPVjEbODeaw8Xa0glf48W5h1pKXHDx5Vpjk2 c5SSpJzyXcrbnSEVt+mF/YbScBzMM/rCvRIod2srp4+9a2RRAy61+EfRzRsKWpqLKT gvefkCKcLDnDzqYR0vMg624DEQmvZYa3XJ9srHFk=
In-reply-to: <0da4e907-2fda-caea-1496-77c5d6f60645@gmx.de>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAE5iq3i1KiyV+Cg63ixbHY7XD4BfmYKhL3B0APSWCanqSAPxqQ@mail.gmail.com> <em9fa66f2c-8993-4d78-9174-522a6cea9b5f@mats-win7> <0da4e907-2fda-caea-1496-77c5d6f60645@gmx.de>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQKjaknz3FKK7/VJYZMrXWx/kGwX5gNH75bkAcUbesmnsQcw4A==

I also found failed2ban had much less work to do, banning handful a day, not a thousand, by stopping ssh password authentication and using private key authentication.  Something I should have done from the start anyway.
It seems when if a server sends public key on attempted login and refuses password it stops the kiddies/robots from trying anymore.  

Gerry





-----Original Message-----
From: tor-relays <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of Toralf Förster
Sent: 21 September 2020 14:53
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH

On 9/21/20 1:52 PM, Logforme wrote:
> Change the SSH default port.
AFAICT that helped but only fore a while.
After few weeks/months the non-default port is discovered by (a probably more extensible port scan) and the failed login attempts continued.

-- 
Toralf


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] SSH
  - From: Андрей Гвоздев
- Re: [tor-relays] SSH
  - From: Logforme
- Re: [tor-relays] SSH
  - From: Toralf Förster

Prev by Author: Re: [tor-relays] Who am I?
Next by Author: [tor-relays] OVH Warnings
Previous by thread: Re: [tor-relays] SSH
Next by thread: Re: [tor-relays] SSH
Index(es):
- Author
- Thread