How to cut down on ssh attacks
Robert Heller
heller at deepsoft.com
Mon Jun 16 14:42:55 UTC 2025
About the best things you can do are:
1) Install Fail2Ban
2) Make sure root login over SSH is disabled.
3) Disable password login -- use Public/Private key login only.
/etc/ssh/sshd_config setting:
PasswordAuthentication no
And keep up-to-date with security updates.
There is nothing you can do about repeated password login attempts. Disabling
password login makes all such attempts futile.
At Mon, 16 Jun 2025 09:55:20 -0400 "Ubuntu user technical support,? not for general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
>
> I just installed logwatch on my mailserver.
>
> the server has been running for a couple weeks, so it is 'known'. Ran a
> test of logwatch daily and the sshd authentication failures lists
>
> 575 lines, each with multiple attempts!
>
> In one day!
>
> ufw does specify 'limit' port 22:
>
> 22/tcp                    LIMIT      Anywhere
> 22/tcp (v6)Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â LIMITÂ Â Â Â Â Â Anywhere (v6)
>
> anything else I can do to slow this nonsense down?
>
> I tried my regular of moving sshd to another port, but MiaB has ssh so
> embedded in its functionality that I gave up running through all the
> changes in it I need on moving sshd. Don't ask my opinion on this
> dependency, but MiaB is otherwise worth the pain....
>
>
>
--
Robert Heller -- Cell: 413-658-7953 GV: 978-633-5364
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller at deepsoft.com -- Webhosting Services
More information about the ubuntu-users
mailing list