On 02/24/2018 09:54 PM, Spiros Andreou wrote: [snip]
- install fail2ban which will block anyone who fails a login 3 times
- move SSH to a non-standard port (preferably >1000)
- reconfigure SSH to only allow login with keys instead of passwords - generate and successfully test login with a key first before you set this option
- change the firewall to only allow logins from a specified IP address (yours if you have a static IP)
[snip]
1) Or else use SSHGuard which is a little easier. I think fail2ban did catch up with IPv6 support, which might or might not be relevant.
2) That quiets the logs for a while. But even when you are found again there won't be nearly as many attackers.
3) Using keys and prohibiting passwords is probably the single most useful thing to make sure of here. It's also very easy.
4) Locking the firewall to accept incoming from only specific IP addresses isn't good if one moves around.
On 02/24/2018 09:36 PM, Olaf Grimm wrote: [snip]
Is this amount of attacks regular?
[snip]
When I ran a middle relay, it was constantly scanned quite heavily and not just for SSH services.
My 2 cents.
/Lars
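
The following is an added example, not part of the original thread: a shell check of whether an `sshd_config` really enforces the key-only login discussed above, using sshd's rule that the first value given for a keyword wins. The function names `sshd_value` and `audit_sshd` are hypothetical, the sample config is constructed, and the check assumes no `Match` block or `Include` file overrides the global settings (`sshd -T` prints the authoritative effective configuration).

```shell
#!/bin/sh
# Added example (hypothetical helpers): audit sshd_config for key-only login.

# Print the first value set for a keyword in the global section of file $1.
# $2 is a lower-case keyword, or several alternatives joined with "|";
# $3 is the default to report when the keyword is not set at all.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }           # global section ends at first Match
        tolower($1) ~ ("^(" key ")$") { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Return 0 only if passwords cannot be used to log in and keys can.
audit_sshd() {
    cfg="$1"; rc=0
    pw=$(sshd_value "$cfg" passwordauthentication yes)
    # Older releases call KbdInteractiveAuthentication ChallengeResponseAuthentication;
    # with PAM enabled it can still prompt for a password, so it must be off too.
    kbd=$(sshd_value "$cfg" 'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    pk=$(sshd_value "$cfg" pubkeyauthentication yes)
    port=$(sshd_value "$cfg" port 22)
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL keyboard-interactive=$kbd"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk (no way left to log in)"; rc=1; }
    [ "$port" != 22 ] || echo "NOTE Port=22 (default port)"
    [ "$rc" -eq 0 ] && echo "OK key-only login on port $port"
    return "$rc"
}

# Constructed sample: the second PasswordAuthentication line is ignored because
# the first value wins, so this config still accepts passwords.
demo=$(mktemp)
printf '%s\n' 'Port 2222' 'passwordauthentication yes' \
    '# hardening below' 'PasswordAuthentication no' > "$demo"
audit_sshd "$demo" || true
rm -f "$demo"
```

Run it against a copy of the config before restarting sshd, and keep the existing session open until a key login in a second session has succeeded.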