[nmglug] ssh attacks

John Osmon josmon at rigozsaurus.com
Mon Aug 8 09:25:36 PDT 2022

Look into fail2ban -- it is on most linux distros I'm used to seeing.
It may do something that helps your situation.

Changing to another port does help cosmetically.  (It also allows you to
run something on a port that captive portals allow through -- say,

I've been considering the idea of blocking large swaths of IPv4/6 from 
places I'm unlikely to care about traffic.

On Mon, Aug 08, 2022 at 10:01:12AM -0600, Aaron Birenboim wrote:
> I've been getting constant ssh attacks, like several per minute.
> Any suggestions?   I could change the port from 22, but I don't know
> if that will do much.
> There used to be some sort of sshd wrapper which could ban an IP
> after failed attempts.  I think it was deprecated.   The attack IP
> changes, but there often a few dozen attacks from the same IP.
> Again, some help...  but not much.
> I have password access disabled.  (You need to have a key to ssh
> in).  Anything else I should do?
> aaron
> _______________________________________________
> nmglug mailing list
> nmglug at lists.nmglug.org
> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org

More information about the nmglug mailing list