SSH Password-Guessing Attacks

I suppose you know that if you put a machine on the Internet with an SSH server listening on port 22, you are going to get bombarded with password-guessing login attempts. Previously, I thought that moving the SSH server to a nonstandard port was sufficient to block these. But now I am seeing these attacks happening on my Rimu VPS anyway. Should I bother to change the port again?

Fail2ban? Sort of like a smart DenyHosts.

On Thursday, 16 May, 2019 11:41 NZST, Lawrence D'Oliveiro <ldo(a)geek-central.gen.nz> wrote:

I suppose you know that if you put a machine on the Internet with an SSH server listening on port 22, you are going to get bombarded with password-guessing login attempts.
Previously, I thought that moving the SSH server to a nonstandard port was sufficient to block these. But now I am seeing these attacks happening on my Rimu VPS anyway. Should I bother to change the port again?
Only allow key-based logins?

Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

On Thu, 16 May 2019, at 12:43 AM, Peter Reutemann wrote:
Only allow key-based logins?
^ this. Enabling password-based logins via ssh is just asking to be hacked, regardless of what port you are running ssh on. All boxes I have control over only allow an RSA key to log in via ssh.
Digital Ocean have a useful guide on how to set this up for various distros: https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-u...
-- Simon

+1 on key-based only! I'm a very strong proponent of moving port 22 to something non-standard... It hides a lot of the brute-force noise, so you know that anything that *does* come through is a bit more malicious. At this point I throw on Fail2Ban for good measure. :) I also advocate for ED25519 keys instead of RSA - simply because they're faster.

E
--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

On Thu, 16 May 2019, at 12:50, Simon Green wrote:
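Two checks behind the advice in Simon's and Eric's replies, as an added example that is not code from the thread: whether an sshd_config still permits password logins (the "key-based only" point), and which sources are producing failed password attempts in sshd's log (the kind of log evidence Fail2ban and DenyHosts act on). The config text and log lines are constructed samples; the option check assumes OpenSSH's first-match rule and ignores Match blocks.

```sh
#!/bin/sh
# Added example, not code from the thread. All config text and log lines below
# are constructed samples.

WEAK_CONFIG='#PasswordAuthentication no
Port 22'

HARDENED_CONFIG='Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no'

# Returns 0 (true) when the sshd_config text in $1 still allows password logins.
# sshd takes the first occurrence of an option, defaults to "yes" when it is absent,
# and ignores commented lines. Match blocks are not handled here (assumption).
password_auth_enabled() {
    val=$(printf '%s\n' "$1" \
        | awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }')
    [ "${val:-yes}" = "yes" ]
}

# Constructed sshd log lines: three failures from one source, one key login, one stray failure.
SAMPLE_LOG='May 16 11:40:01 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50234 ssh2
May 16 11:40:03 vps sshd[2103]: Failed password for root from 203.0.113.7 port 50240 ssh2
May 16 11:40:05 vps sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 50244 ssh2
May 16 11:40:07 vps sshd[2107]: Accepted publickey for lawrence from 198.51.100.20 port 41000 ssh2
May 16 11:40:09 vps sshd[2109]: Failed password for invalid user test from 198.51.100.33 port 51000 ssh2'

# Prints "<count> <ip>" for each source with at least $2 failed password attempts
# in the sshd log text $1. Successful key logins never match the pattern.
failed_password_sources() {
    printf '%s\n' "$1" \
        | sed -n 's/.*sshd\[[0-9]*\]: Failed password for .* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c \
        | awk -v min="$2" '$1 >= min { print $1, $2 }'
}

password_auth_enabled "$WEAK_CONFIG" && echo "WEAK_CONFIG still permits password logins"
password_auth_enabled "$HARDENED_CONFIG" || echo "HARDENED_CONFIG is key-only"
failed_password_sources "$SAMPLE_LOG" 3
```

Note that a commented-out `#PasswordAuthentication no` leaves sshd at its default of allowing passwords, which is the mistake the first check catches.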
participants (5)
- Eric Light
- Lawrence D'Oliveiro
- Peter Reutemann
- Roger Hardy
- Simon Green