Look into fail2ban -- it is on most Linux distros I'm used to seeing. It may do something that helps your situation.

Changing to another port does help cosmetically. (It also allows you to run something on a port that captive portals allow through -- say, 53...)

I've been considering the idea of blocking large swaths of IPv4/6 from places I'm unlikely to care about traffic.

On Mon, Aug 08, 2022 at 10:01:12AM -0600, Aaron Birenboim wrote:
I've been getting constant ssh attacks, like several per minute.
Any suggestions? I could change the port from 22, but I don't know if that will do much.
There used to be some sort of sshd wrapper which could ban an IP after failed attempts. I think it was deprecated. The attack IP changes, but there are often a few dozen attacks from the same IP. Again, some help... but not much.
I have password access disabled. (You need to have a key to ssh in). Anything else I should do?
aaron
_______________________________________________
nmglug mailing list
nmglug@lists.nmglug.org
http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org
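The mechanism behind the fail2ban suggestion above (ban an address after repeated failed attempts inside a time window), shown as an added Python example that is not fail2ban's code and not part of the original thread. The log lines are constructed, the ISO timestamp prefix is an assumed log format, and `ban_candidates`, `max_retry` and `find_time` are hypothetical names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines (documentation IP ranges), not real log data.
# Assumption: the syslog daemon is configured to write ISO 8601 timestamps.
SAMPLE_LOG = """\
2022-08-08T10:00:01 host sshd[101]: Invalid user admin from 203.0.113.7 port 40022
2022-08-08T10:00:09 host sshd[102]: Invalid user test from 203.0.113.7 port 40030
2022-08-08T10:00:15 host sshd[103]: Connection closed by authenticating user root 198.51.100.4 port 51000 [preauth]
2022-08-08T10:00:20 host sshd[104]: Invalid user oracle from 203.0.113.7 port 40041
2022-08-08T10:00:31 host sshd[105]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
2022-08-08T10:30:00 host sshd[106]: Connection closed by authenticating user root 198.51.100.4 port 51090 [preauth]
"""

# With password login disabled, failed attempts show up as unknown users or
# as connections dropped before authentication completed.
FAIL_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: "
    r"(?:Invalid user \S+ from|Connection closed by authenticating user \S+) "
    r"(\S+) port \d+"
)

def ban_candidates(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        # Slide the window: forget failures older than find_time.
        while ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    for ip, when in ban_candidates(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

The slow source (two failures half an hour apart) stays under the threshold, which is why the window length matters as much as the retry count.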