Following SGVLUG presentation on ssh tricks, I setup an sshd server instance on my debian workstation, using public key auth, and was able to be successful.
I made sure to disable root login, and any password login attempts by modifying sshd_config.
In the hour I was testing the new wonder, I was also tail-ing my auth log.
To my chagrin, in the two times I tested, I had many attempts to access my ssh:
Oct 18 01:59:55 pip sshd: Invalid user oracle from 184.108.40.206 Oct 18 02:00:02 pip sshd: Invalid user test from 220.127.116.11 Oct 18 02:08:34 pip sshd: Invalid user test from 18.104.22.168 Oct 18 02:08:42 pip sshd: Invalid user test from 22.214.171.124 Oct 18 03:12:02 pip sshd: Invalid user oracle from 126.96.36.199 Oct 18 03:12:09 pip sshd: Invalid user test from 188.8.131.52 ... Oct 18 10:48:01 pip sshd: Invalid user peter from 184.108.40.206 Oct 18 10:48:07 pip sshd: Invalid user peter from 220.127.116.11 Oct 18 10:48:13 pip sshd: Invalid user sergei from 18.104.22.168 Oct 18 10:48:19 pip sshd: User root from 22.214.171.124 not allowed because not listed in AllowUsers
So, I am hoping I could get advice or suggestions on what further protections I could add (if any). - I don't think static firewall rules would help, as I am hoping to ssh into my box from anywhere - I am guessing there is a way to have automation block or slowdown attempts if they begin to seem suspicious.
I am no sysadmin, but looks like I am gonna have to learn some sysadmin-ish stuff if I want to prevent my system from getting compromised. That, or admit I am over my head, and abandon trying to be able to ssh into my box and do stuff from the outside world.
Welcome to the new LiveJournal
Some changes have been made to LiveJournal, and we hope you enjoy them! As we continue to improve the site on a daily basis to make your experience here better and faster, we would greatly appreciate your feedback about these changes. Please let us know what we can do for you!