[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH
From: George <george@xxxxxxxxxx>
Date: Tue, 29 Dec 2020 12:35:16 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Dec 2020 12:35:49 -0500
In-reply-to: <em9fa66f2c-8993-4d78-9174-522a6cea9b5f@mats-win7>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <CAE5iq3i1KiyV+Cg63ixbHY7XD4BfmYKhL3B0APSWCanqSAPxqQ@mail.gmail.com> <em9fa66f2c-8993-4d78-9174-522a6cea9b5f@mats-win7>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; OpenBSD amd64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0

On 9/21/20 7:52 AM, Logforme wrote:

On 2020-09-21 11:19:20, "Андрей Гвоздев" <andrejgvozdev55@xxxxxxxxx> wrote:

Hello
I'm running a TOR relay, every time I SSH to my server I see a message
that there were thousands of failed login attempts
Do you see this message too?

Exposing a SSH server to the internet will get you lots of login attempts.

Yes, this is normal for anyone running internet-facing systems, andthere are as many mitigations as there are sysadmins.

Here are some things you SHOULD do to help the situation:
Change the SSH default port.

Yes, this will lessen the number of entries in the relevant log fileuntil the brute force attackers get more intelligent. Just understandthis is not a security measure. It's more like a dose of obscurity tomake log files less noisy.

Disable the root login.

+1

Use key-based authentication.

+1

Those are important and vital security measures, as is employing somesort of multi-factor authentication methods like Yubikey. (no,officially key-based SSH auth is not formally MFA...)


But the two ways to actually address the problem is either:

* network or host-based firewalling to limit connections based on thesame source, rate, etc., which depends on the operating system you'rerunning.


* there are also tools like fail2ban and so on that are popular.

* if you're running FreeBSD or NetBSD, try Christo's blacklistd. Itmight be ported to other OSs. If it's not, it should be...


HTH

g
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: Re: [tor-relays] Tor Traffic De-prioritization Script
Next by Author: Re: [tor-relays] Exit node in spain
Previous by thread: Re: [tor-relays] M1 anyone?
Next by thread: [tor-relays] Bridge acting strange
Index(es):
- Author
- Thread