Re: Undesired ssh login attempts

On Sun, 10 Jun 2018 20:24:41 +0900
likcoras <likcoras@xxxxxxxxxx> wrote:

> On 06/10/2018 07:55 PM, deloptes wrote:
> > Hi,
> > I recently get many of those, which means someone found out that ssh
> > external is on port 22222 and is trying to do some evil work there.
> > Should I worry or do something?  
> > Similar for apache web server.
> > I think both are secure: for ssh no users with easy password
> > allowed to login and apache - no pages or stuff that would
> > compromise.
> > 
> > thanks for opinion
> > 
> > regards
> >   
> Welcome to the Internet!
> If you're confident of your setup, you can safely ignore them. If
> you're annoyed by the logs, you could set up something like fail2ban
> to block connections from IPs that have made too many bad attempts
> (although this could possibly be used to lock you out).
> My recommendation is the same as Dan's, consider disabling password
> login to allow only pubkey authentication. Same with the ports, I
> usually don't bother with using a non-standard port since it would, at
> best, only reduce the volume of attacks and not really provide any
> additional security.

I've found it reduces the volume of attacks by something very close to
100%, which I think is worth having in exchange for a truly trivial
effort. 2222 or 22222 are obvious ports to try, but not many people
will try a full portscan across the Net.

But yes, get rid of passwords completely, and make sure the private key
you carry with you is well encrypted.
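
An added example, not part of the original message: a small check of `sshd_config` text for the settings recommended in this thread (password login off, pubkey login on, which ports are in use). It assumes upstream OpenSSH defaults for absent keywords, applies sshd's first-value-wins rule, and does not follow `Include` files; the two sample configurations are constructed.

```python
DEFAULTS = {  # upstream OpenSSH behaviour when a keyword is absent (assumed)
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")

def audit(text):
    """Return {'ports': [...], 'findings': [...]} for sshd_config text."""
    seen, ports, findings, in_match = {}, [], [], False
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())  # keywords ignore case
        value = parts[1].lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # every later line applies only to matching clients
        elif in_match:
            if key in PASSWORD_KEYS and value == "yes":
                findings.append(f"Match block re-enables {key}")
        elif key == "port" and value.isdigit():
            ports.append(int(value))  # Port may legitimately appear several times
        elif key in DEFAULTS:
            seen.setdefault(key, value)  # first value wins; later repeats are ignored
    eff = {**DEFAULTS, **seen}
    if eff["passwordauthentication"] != "no":
        findings.append("password login is enabled")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive login is enabled")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkey login is disabled")
    return {"ports": ports or [22], "findings": findings}

# Constructed sample configs (not from the thread).
WEAK = """\
Port 22222
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
Port 22222
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK), "\nhardened:", audit(HARDENED))
```

On a live host, `sshd -T` prints the effective configuration after includes and defaults are resolved, which is the authoritative view.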