[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] SSH login attempts

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] SSH login attempts
From: Sean Brown <just@xxxxxxxxxxxxxxx>
Date: Tue, 4 Sep 2018 09:14:02 -0400
Arc-authentication-results: i=1; mx.zoho.com; dkim=pass header.i=bumponalog.info; spf=pass smtp.mailfrom=just@xxxxxxxxxxxxxxx; dmarc=pass header.from=<just@xxxxxxxxxxxxxxx> header.from=<just@xxxxxxxxxxxxxxx>
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1536066844; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results; bh=KVIvpEbaH+g9oKCnK0BY0+DCaSnMk9dlG7AiEMzAPqM=; b=itvNEiPOc+/YTsPnrrQcRaZtFqg0l69xPQwoa1p70niGchrhU/OxzxxWZKKILsuGI+9TpDaSKFJ3AUI6iIgz3ZbiSvr0iPiK8511Ttq0893V+EtD7IJffTfZGBXI6c/ZfTQifFPdQ1dWf51NmkuUJGJxusq+0XMzbE+iHHP5qDg=
Arc-seal: i=1; a=rsa-sha256; t=1536066844; cv=none; d=zoho.com; s=zohoarc; b=Rq8O/8nfS+3DWr70O4Wm9Zcx8OTn/9uxbka4iJe6Cb7I26MX9lh2BCe6I2N1nxhU+VzwxbWKEiW+dps7sOvQt8eGTrbOi02hTghhrlPEJiRapkn6sfTozr5nc7zoPwqavKRIDyzsclxMh6rJXDM+29aOomLBr4OvHNkDEJ5ugkM=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 04 Sep 2018 09:14:17 -0400
In-reply-to: <b5835207-1185-88a7-1bac-9f7d33d7c507@monksofcool.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <9FAA393D-380B-4C0A-B4AF-76C0EE9E8BAD@mailbox.org> <732405187.141449.1536064730373.JavaMail.zimbra@apawc.com.au> <20180904124056.r7abkpapyq7u74mt@riseup.net> <81E2BC08-12D8-4055-8E86-F0879A1B836F@bumponalog.info> <b5835207-1185-88a7-1bac-9f7d33d7c507@monksofcool.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

> On Sep 4, 2018, at 9:06 AM, Ralph Seichter <m16+tor@xxxxxxxxxxxxxxx> wrote:
> 
> On 04.09.2018 14:44, Sean Brown wrote:
> 
>> Using an obscure port only prevents attempts being logged, nothing
>> else.
> 
> I cannot agree with that. What an sshd logs is not determined by the
> port number it is listening on, and the quantity of failed login
> attempts across my servers is measurably lower when using a non-standard
> port.
> 

Ya, my mistake, I wasn’t clear. I don’t mean that sshd doesn’t log if it’s on a different port, I mean that only the worst bots won’t find it, cutting down on the amount of noise in the logs. If ssh is configured correctly (disable password, 2fa, keys etc.) password attempts are just noise.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] SSH login attempts
  - From: Marcus Wahle
- Re: [tor-relays] SSH login attempts
  - From: Paul Templeton
- Re: [tor-relays] SSH login attempts
  - From: Natus
- Re: [tor-relays] SSH login attempts
  - From: Sean Brown
- Re: [tor-relays] SSH login attempts
  - From: Ralph Seichter

Prev by Author: Re: [tor-relays] Congrats to Nullvoid
Next by Author: Re: [tor-relays] SSH login attempts
Previous by thread: Re: [tor-relays] SSH login attempts
Next by thread: Re: [tor-relays] SSH login attempts
Index(es):
- Author
- Thread