Hi LB,
SSH attacks happen 24/7 and are just stupid brute force mostly without
any reason.
You already setted up key auth and hopefully disabled password auth.
You can block brute force by setting up a log watcher like fail2ban.
That application follows the auth.log file on your server and adds
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/22/2015 09:29 PM, Josef Stautner wrote:
> Hi LB,
>
> SSH attacks happen 24/7 and are just stupid brute force mostly without
> any reason.
The most stupid of them you can avoid/ignore by just choosing a ssh port != 22.
- --
Toralf, pgp key:
Hello,
I need some advise on a situation new to me. I operate a VPS exit node
in Romania, a VPS guard node in the Czech Republic, a middle node and
bridge in the US. All are SSH public key authentication protocol 2.
Over the last 5 weeks all of these servers have been under attack by IPs
>
> Attack counts are in the 100,000s.
>
This sort of thing posses no threat and
is quite stupid as previously observed.
Is mainly annoying for the mess it makes
of /var/log/security.
If you don't want to change the SSH port
(best solution IMO), here's an 'iptables'
rule that will fix it