
Re: openssh server remote access



On Sat, 23 Oct 21, 09:33:44, Joe wrote:
> 
> The ssh protocol by default works on TCP port 22, but the sshd (server)
> configuration file allows different ports to be specified. If you have
> port 22 open to the Internet, you will get many firewall logs for
> people trying brute-force password attacks, which tells you why you
> should be using keys. Using a different port won't be any more secure,
> but it will stop these logs.

I've seen such brute-force attacks[1] also on different ports; they are
just much rarer.

The simple (temporary) solution for me was to reboot the router so it 
gets a different IP from the ISP. Long term I should probably look into 
something like fail2ban and/or port knocking.
 
> Wherever you want to connect from must have a clear path to the ssh
> port of your server. If you want to connect across the Internet, then
> your Internet router must forward the ssh port to the server computer.
> How to do this is specific to each model of router, but it's usually
> easy to work out. It will ask for an incoming protocol (TCP) and port
> number, the IP address of the destination computer in your network, and
> sometimes a destination port. In the latter case, you can still use
> port 22 on the server but accept something else entirely from over the
> Net.

My recommendation as well, as I prefer to run with defaults whenever 
possible. If you are already configuring port forwarding in the router, 
it's easy to use a different port on the public face of the router and 
keep the SSH server at its default.

It also makes local SSH connections much easier as it's not necessary to 
reconfigure each client for each host.

[1] The attacks didn't get past guessing an existing user name, even 
though one is a common English word and one is a Romanian given name :D

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
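
The brute-force attempts and the fail2ban idea discussed in this message come down to counting failed logins per source address inside a time window. The sketch below is an added example, not part of the original message and not fail2ban's own code: the log lines are constructed in the usual OpenSSH syslog format, `find_offenders` is a hypothetical name, and `maxretry`/`findtime` are borrowed from the fail2ban options of the same name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), not real logs.
SAMPLE_LOG = """\
Oct 23 09:12:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Oct 23 09:12:04 gw sshd[1201]: Failed password for invalid user test from 203.0.113.5 port 51234 ssh2
Oct 23 09:12:09 gw sshd[1207]: Failed password for root from 203.0.113.5 port 51301 ssh2
Oct 23 09:13:30 gw sshd[1215]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Oct 23 09:14:02 gw sshd[1220]: Accepted publickey for alice from 192.168.1.20 port 40100 ssh2: ED25519 SHA256:CONSTRUCTED
Oct 23 09:40:00 gw sshd[1302]: Failed password for alice from 198.51.100.7 port 40311 ssh2
Oct 23 09:41:15 gw sshd[1310]: Failed password for invalid user oracle from 203.0.113.5 port 52010 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_offenders(log_text, maxretry=3, findtime=600):
    """Report sources with >= maxretry failed logins within findtime seconds."""
    window = defaultdict(deque)   # ip -> timestamps of failures still in the window
    tried = defaultdict(dict)     # ip -> {user name: True if sshd said "invalid user"}
    flagged = {}                  # ip -> time the threshold was first reached
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year; fine for deltas within one log file.
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        tried[ip][user] = bool(m["invalid"])
        q = window[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()           # drop failures older than the window
        if len(q) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return {
        ip: {"flagged_at": t.strftime("%H:%M:%S"),
             "users": sorted(tried[ip]),
             "invalid_users": sorted(u for u, bad in tried[ip].items() if bad)}
        for ip, t in flagged.items()
    }
```

The `invalid_users` list shows which guesses never matched an account on the host, which is the situation described in footnote [1].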
