[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH login attempts



On 09/04/2018 03:41 PM, Marcus wrote:
> Thanks Paul,
> I use fai2ban, but this amount of failed logins is new to me.
> Marcus

The failed logins are business as usual.  If the machine is on the net,
then bots will find it no matter where it is or which port it listens
on.  But they usually move on after a while, too.

While running fail2ban/sshguard helps, and changing the port helps
slightly, the biggest change you can make if you haven't done it already
is to use key-based authentication and turn off password based
authentication, at least for the outward facing address(es) on your box.
 It seems that many bots can tell when the SSH daemon will not respond
to passwords and move on without trying to actually log in.

/Lars
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays