[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to push back against repeated login attempts?

On Tue, Mar 2, 2021 at 9:51 AM oregano@disroot.org wrote:

>How to push back against repeated login attempts?

This isn't specific to ARM devices so it is a bit off-topic here, but...

The first thing to do is to ensure password authentication to SSH is
disabled and replaced with key or certificate authentication.

To avoid (some of) the entries in the system logs there are a few
different options:

Just disable or uninstall the SSH daemon.

Ban access to the SSH daemon except from authorised IP addresses.

Switch the SSH daemon to another port than 22, then switch again when
the next botnet finds that, repeat.

Use the CrowdSec alternative to fail2ban, which shares the behavior of
malicious IPs with a community and in return receives a list of
malicious IPs other folks have shared.


Move the SSH daemon to a Tor onion service so that only those who know
the address can access it and you can still access it if
fail2ban/crowdsec block your own IP address.

Some combination of the above.



Reply to: