12

I've just checked my server's auth logs and my god that's a lot of failed ssh login attempts.

I think I'll install an ssh honeypot to waste these peoples time...

Comments
  • 6
    Make sure you don't fail2ban them!
  • 4
    @RememberMe I'm gonna look into fail2ban as well, though I imagine I would point that to my actual ssh daemon, which will run on some other port
  • 3
    @theKarlisK oh lol I mean to use it as a pun
    fail2ban is awesome
  • 0
    @theKarlisK that's exactly what I was gonna go for
  • 1
    update

    endlessh didn't work, there wasn't any log to read and I can't be asked to set it up

    port 22 will remain open with no service behind it, ssh is one some other random port

    I could try combining fail2ban and endlessh but that's just too much effort

    https://github.com/itskenny0/...
  • 0
    Ye, had the same issue.
    -I also moved to a different port,
    -Fail2ban is installed
    -Also setup Firewall with a whitelist (using ufw)
    -Disabled root login for ssh
    -And disabled login using password for ssh (keys only)

    No more failed login attempts. I hope I didn't forget anything
  • 1
    You could disable unwanted protocols.

    Eg. only allowing ed25519 keys, disabling host keys for anything else.

    Pooooof all die in preinit.
  • 0
    @theKarlisK yeah I definitely wanna look into limiting what encryption can be used
    Gotta want that sweet elliptic curve
Add Comment