How to cut down on ssh attacks
Karl Auer
kauer at biplane.com.au
Mon Jun 16 14:40:29 UTC 2025
On Mon, 2025-06-16 at 09:55 -0400, Robert Moskowitz via ubuntu-users
wrote:
> anything else I can do to slow this nonsense down?
>
> I tried my regular of moving sshd to another port, but MiaB has ssh
> so embedded in its functionality that I gave up running through all
> the changes in it I need on moving sshd. Don't ask my opinion on
> this dependency, but MiaB is otherwise worth the pain....
If MiaB's ssh connections are from a known and unchanging source
address, restrict connections on port 22 to just that source.
Then for your other ssh needs, set up a second ssh server on a
different port. Then install fail2ban so that anyone who fails a few
times gets blocked for a while (or forever).
Turn off root logins, turn off password logins; permit only publickey
ssh connections.
Turn off logging of anything that doesn't matter.
All of the above will reduce the risk and the number of log entries.
However, nothing you do on the computer will prevent the attempts from
*reaching* your computer - they just drop them when they arrive. So
while they will reduce traffic, they won't drop it to zero.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au, he/him)
http://www.biplane.com.au/kauer
More information about the ubuntu-users
mailing list