Re: Undesired ssh login attempts
- Date: Sun, 10 Jun 2018 08:27:35 -0400
- From: Roberto C. Sánchez <roberto@xxxxxxxxxx>
- Subject: Re: Undesired ssh login attempts
On Sun, Jun 10, 2018 at 11:09:49AM -0000, Dan Purgert wrote:
> deloptes wrote:
> > Hi,
> > I recently get many of those, which means someone found out that ssh
> > external is on port 22222 and is trying to do some evil work there.
> > Should I worry or do something?
> Use key-based auth only
> Ensure root ssh login is not allowed
> Perhaps fail2ban (or equivalent)
> Perhaps forget about funny ports (as they're "security by obscurity" at
In the past I was of a similar opinion regarding the use of a
non-standard port for SSH. However, some of clients do this and the
main observed benefit is less noise in the logs. As long as the
administrator understands that it does not improve security, and is
willing to deal with the occasional inconvenience of an alternate port,
there is nothing really wrong with it.
Roberto C. Sánchez