Re: ssh access with all ports close.
On 12/10/2020 6:40 AM, firstname.lastname@example.org wrote:
I am not able to access my server at home using ssh, but I can see in
logs, that someone can access my home server!
What, exactly, are you seeing? Copy and paste examples.
Elmwood, WI USA
Dec 9 20:48:58 xxx sshd: Failed password for invalid user greengo from 22.214.171.124 port 43200 ssh2
Dec 9 20:48:58 xxx sshd: Invalid user mysql from 126.96.36.199 port
Dec 9 20:48:58 xxx sshd: pam_unix(sshd:auth): check pass; user unknown
Dec 9 20:48:58 xxx sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.8.131.52
Dec 9 20:48:59 xxx sshd: Received disconnect from 184.108.40.206 port 43200:11: Bye Bye [preauth]
Dec 9 20:48:59 xxx sshd: Disconnected from invalid user greengo 220.127.116.11 port 43200 [preauth]
Dec 9 20:49:00 xxx sshd: Failed password for invalid user mysql from 18.104.22.168 port 56021 ssh2
Dec 9 20:49:01 xxx sshd: Received disconnect from 22.214.171.124 port 56021:11: Bye Bye [preauth]
Dec 9 20:49:01 xxx sshd: Disconnected from invalid user mysql 126.96.36.199 port 56021 [preauth]
From (1), I would suggest adding the below three options in
Specifies the maximum number of authentication attempts permitted per
connection. Once the number of failures reaches half this value,
additional failures are logged. The default is 6.

Specifies the maximum number of open sessions permitted per network
connection. The default is 10.

Specifies the maximum number of concurrent unauthenticated connections
to the SSH daemon. Additional connections will be dropped until
authentication succeeds or the LoginGraceTime expires for a connection.
The default is 10.

Alternatively, random early drop can be enabled by specifying the three
colon separated values "start:rate:full" (e.g. "10:30:60"). sshd(8)
will refuse connection attempts with a probability of "rate/100" (30%)
if there are currently "start" (10) unauthenticated connections. The
probability increases linearly and all connection attempts are refused
if the number of unauthenticated connections reaches "full" (60)."
Also adding the below line might be useful:
If you have a firewall, try to limit the connection there as well (2).
It looks like you are using password auth, if yes, consider using key
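
An added example, not part of the original thread: the log excerpt above contains only rejected attempts ("Failed password", "Invalid user"), whereas a successful login is logged by sshd as an "Accepted ..." line. This Python script tallies both per source address; the sample lines, the documentation-range addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same shape as the log excerpt in the thread
# (documentation-range addresses; the "[pid]" after sshd is optional).
SAMPLE_LOG = """\
Dec  9 20:48:58 host sshd[1201]: Invalid user greengo from 203.0.113.7 port 43200
Dec  9 20:48:58 host sshd[1201]: Failed password for invalid user greengo from 203.0.113.7 port 43200 ssh2
Dec  9 20:49:00 host sshd[1203]: Failed password for invalid user mysql from 203.0.113.7 port 56021 ssh2
Dec  9 20:49:04 host sshd[1207]: Failed password for root from 198.51.100.23 port 40022 ssh2
Dec  9 20:49:09 host sshd: Failed password for invalid user admin from 203.0.113.7 port 56100 ssh2
Dec  9 20:50:12 host sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2
"""

FAILED = re.compile(
    r"sshd(?:\[\d+\])?: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd(?:\[\d+\])?: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")


def summarize(log_text):
    """Return (failures, accepted): per-source failure stats and successful logins."""
    failures = defaultdict(lambda: {"count": 0, "users": set(), "invalid": 0})
    accepted = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = failures[m["ip"]]
            entry["count"] += 1
            entry["users"].add(m["user"])
            entry["invalid"] += bool(m["invalid"])  # account does not exist
            continue
        m = ACCEPTED.search(line)
        if m:
            accepted.append((m["user"], m["ip"]))
    return dict(failures), accepted


def guessing_sources(failures, min_failures=3):
    """Sources whose failed attempts reach the threshold (3 is an assumed value)."""
    return sorted(ip for ip, e in failures.items() if e["count"] >= min_failures)


if __name__ == "__main__":
    failures, accepted = summarize(SAMPLE_LOG)
    print("guessing sources:", guessing_sources(failures))
    print("successful logins:", accepted)
```

An empty "successful logins" list for the period in question means the entries are guesses that were turned away, not sessions that got in.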