I'd recommend Fail2Ban as well. Beyond that, you pretty much just have to accept a certain amount of attacks hitting your system regularly. Various servers I administer get pounded constantly, typically several thousand times a day. Solid firewall rules, strong passwords, and ensuring your software is up to date on patches is really the best you can manage. This is unfortunately just how things normally roll on the Internet these days. You cannot stop attackers from attacking you, but you don't have to make it easy for them. Fail2Ban helps, block lists help, but at the end of the day, it's gonna happen to one degree or another, no matter what you do.

Will

On 8/8/2022 10:25 AM, John Osmon wrote:
Look into fail2ban -- it is on most Linux distros I'm used to seeing. It may do something that helps your situation.
Changing to another port does help cosmetically. (It also allows you to run something on a port that captive portals allow through -- say, 53...)
I've been considering the idea of blocking large swaths of IPv4/6 from places I'm unlikely to care about traffic.
On Mon, Aug 08, 2022 at 10:01:12AM -0600, Aaron Birenboim wrote:
I've been getting constant ssh attacks, like several per minute.
Any suggestions? I could change the port from 22, but I don't know if that will do much.
There used to be some sort of sshd wrapper which could ban an IP after failed attempts. I think it was deprecated. The attack IP changes, but there are often a few dozen attacks from the same IP. Again, some help... but not much.
I have password access disabled. (You need to have a key to ssh in). Anything else I should do?
aaron
_______________________________________________ nmglug mailing list nmglug@lists.nmglug.org http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org