[nmglug] ssh attacks

Will Pearson william at cnsp.net
Mon Aug 8 11:08:47 PDT 2022


I'd recommend Fail2Ban as well. Beyond that, you pretty much just have 
to accept a certain amount of attacks hitting your system regularly. 
Various servers I administer get pounded constantly, typically several 
thousand times a day. Solid firewall rules, strong passwords, and 
ensuring your software is up to date on patches, is really the best you 
can manage. This is unfortunately just how things normally roll on the 
Internet these days. You cannot stop attackers from attacking you, but 
you don't have to make it easy for them. Fail2Ban helps, block lists 
help, but at the end of the day, it's gonna happen to one degree or 
another, no matter what you do.

Will

On 8/8/2022 10:25 AM, John Osmon wrote:
> Look into fail2ban -- it is on most Linux distros I'm used to seeing.
> It may do something that helps your situation.
>
> Changing to another port does help cosmetically.  (It also allows you to
> run something on a port that captive portals allow through -- say,
> 53...)
>
> I've been considering the idea of blocking large swaths of IPv4/6 from
> places I'm unlikely to care about traffic.
>
>
>
> On Mon, Aug 08, 2022 at 10:01:12AM -0600, Aaron Birenboim wrote:
>> I've been getting constant ssh attacks, like several per minute.
>>
>> Any suggestions?   I could change the port from 22, but I don't know
>> if that will do much.
>>
>> There used to be some sort of sshd wrapper which could ban an IP
>> after failed attempts.  I think it was deprecated.   The attack IP
>> changes, but there are often a few dozen attacks from the same IP.
>> Again, some help...  but not much.
>>
>> I have password access disabled.  (You need to have a key to ssh
>> in).  Anything else I should do?
>>
>> aaron
>>
>>
>> _______________________________________________
>> nmglug mailing list
>> nmglug at lists.nmglug.org
>> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org

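The ban-after-repeated-failures idea discussed in this thread, as an added example that is not part of the original messages and is not Fail2Ban's own code: it flags an IP once it produces `maxretry` pre-auth failures within `findtime`. Those two names are borrowed from Fail2Ban's jail options; `find_offenders`, the regex, the `year` parameter and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style; IPs are documentation ranges.
SAMPLE_LOG = """\
Aug  8 10:01:02 host sshd[1201]: Invalid user admin from 203.0.113.7 port 40112
Aug  8 10:01:05 host sshd[1203]: Connection closed by authenticating user root 203.0.113.7 port 40120 [preauth]
Aug  8 10:01:09 host sshd[1207]: Invalid user test from 203.0.113.7 port 40131
Aug  8 10:01:14 host sshd[1209]: Disconnected from authenticating user root 203.0.113.7 port 40140 [preauth]
Aug  8 10:01:20 host sshd[1212]: Invalid user oracle from 203.0.113.7 port 40152
Aug  8 10:01:30 host sshd[1215]: Invalid user pi from 203.0.113.7 port 40160
Aug  8 10:02:00 host sshd[1220]: Invalid user admin from 198.51.100.44 port 51000
Aug  8 10:05:00 host sshd[1300]: Accepted publickey for aaron from 192.0.2.10 port 50022 ssh2
Aug  8 10:20:00 host sshd[1410]: Invalid user admin from 198.51.100.44 port 51010
Aug  8 10:40:00 host sshd[1520]: Invalid user admin from 198.51.100.44 port 51020
Aug  8 11:00:00 host sshd[1630]: Invalid user admin from 198.51.100.44 port 51030
Aug  8 11:20:00 host sshd[1740]: Invalid user admin from 198.51.100.44 port 51040
"""

# Pre-auth failures. "Connection closed by invalid user ..." is left out on
# purpose: sshd logs it after "Invalid user ...", so it would count twice.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: (?:Invalid user \S+ from"
    r"|Failed \S+ for \S+ from"
    r"|(?:Connection closed by|Disconnected from) authenticating user \S+)"
    r" (?P<ip>[0-9A-Fa-f:.]+) port \d+")

def find_offenders(log_text, maxretry=5, findtime=timedelta(minutes=10), year=2022):
    """Return {ip: time it reached maxretry failures inside findtime}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m or m["ip"] in banned:
            continue              # not a failure, or already flagged (no unban modelled)
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned[m["ip"]] = ts
    return banned

if __name__ == "__main__":
    for ip, ts in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {ts}")
```

The second source address fails five times as well, but 18 to 20 minutes apart, so it never fills the window; slow attempts like that are the part a rate-based ban does not catch.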