Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
I would be kinda terrified
I know a couple of resources on making your ssh host secure, but still... I'm no sysadmin... -
BadFox23346y@bytecode it's installed, I've just been lazy enough to put off configuring it for quite some time.
-
BadFox23346y@erandria I've been thinking of just using generated keys. Probably 2048-bit or more.
-
showing your IP [92.238.*.*] to the public? :) Brave.
Also, my guys are more lazy. I think they're giving up :)
There were 3255 failed login attempts since the last successful login.
The best part, I still have root password ssh auth enabled :) Good luck guessing that mthfckrs! -
devs30756yChange the default port from 22. I often use 22022. It helps a lot.
Doesn’t make it more secure, but you’ll receive A LOT less requests.
You can also geo block Asia, then you will get even less attempts. -
hjk10156966yJust use ed25519 and when you can successfully authenticate with it on two users set permit password off in sshd config.
Never bothered with fail 2 ban, I trust they can't brute force my keys -
Took me solid 8.34 seconds to realise that this is terminal on mobile.
For more than 4 seconds I was like, "Why the hell there are icons on terminal? which zsh theme is that O.o?!" -
devs30756y@JiggleTits wouldn’t call it security. Still need fail2ban and such, but the network uses a lot less bandwidth since fewer people are trying to poke through
-
Aldar12046yDisable root login (this is a must) and switch from using passwords to using the PKI. Disable password login and laugh at all the pointless login attempts.
-
BadFox23346y
-
BadFox23346y@devs I don't have a public IPv6 address so no can do but I will probably change the port number sooner or later.
-
BadFox23346y@netikras I don't have a static IPv4 address. I use a dynamic DNS service to connect remotely so me sharing that address won't matter eventually. That traffic was in just a day, I checked earlier and it was much higher that that but then it reset so...
My plan is to make it extremely expensive and leave them guessing. I'll just get a laugh out of it. -
BadFox23346y@linuxxx I use FirewallD for now but I'll probably switch to UFW for the simpler configuration.
-
BadFox23346y@lazysnail hehehe, I'm sort of lazy so if I don't have to move I won't hence the phone JuiceSSH app.
-
@erandria well if you fail enough times, yes, it can... but you should be using keys instead of passwords anyway so that should not happen
-
@erandria It can accidentally ban yourself, but only for a limited amount of time.
-
hjk10156966y@BadFox actually I use keys in ssh agent because I'm lazy. Even though I use a password manager authenticating is still bothersome.
Don't use any software that needs to do something over ssh and doesn't support ssh-agent.
It's brilliant shit just works (git, sftp client, IDE etc)
Related Rants
-
abhijith050513When you SSH into a machine and then SSH back into yours, you know you are drunk.
-
nickj58today at programming class... professor: today we will be teaching you about vim and using the terminal and s...
-
linuxxx19*SSH's into VPS* *Starts doing some general maintainance (updating, checking the logs etc)* *runs the who comm...
I'm glad someone is having fun.
rant
bruteforce
brute force
ssh