[nmglug] ssh attacks
John Osmon
josmon at rigozsaurus.com
Mon Aug 8 09:25:36 PDT 2022
Look into fail2ban -- it is on most linux distros I'm used to seeing.
It may do something that helps your situation.
Changing to another port does help cosmetically. (It also allows you to
run something on a port that captive portals allow through -- say,
53...)
I've been considering the idea of blocking large swaths of IPv4/6 from
places I'm unlikely to care about traffic.
On Mon, Aug 08, 2022 at 10:01:12AM -0600, Aaron Birenboim wrote:
> I've been getting constant ssh attacks, like several per minute.
>
> Any suggestions? I could change the port from 22, but I don't know
> if that will do much.
>
> There used to be some sort of sshd wrapper which could ban an IP
> after failed attempts. I think it was deprecated. The attack IP
> changes, but there often a few dozen attacks from the same IP.
> Again, some help... but not much.
>
> I have password access disabled. (You need to have a key to ssh
> in). Anything else I should do?
>
> aaron
>
>
> _______________________________________________
> nmglug mailing list
> nmglug at lists.nmglug.org
> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org
More information about the nmglug
mailing list