Following SGVLUG presentation on ssh tricks, I setup an sshd server instance
on my debian workstation, using public key auth, and was able to be
I made sure to disable root login, and any password login attempts by
In the hour I was testing the new wonder, I was also tail-ing my auth log.
To my chagrin, in the two times I tested, I had many attempts to access my
Oct 18 01:59:55 pip sshd: Invalid user oracle from 220.127.116.11
Oct 18 02:00:02 pip sshd: Invalid user test from 18.104.22.168
Oct 18 02:08:34 pip sshd: Invalid user test from 22.214.171.124
Oct 18 02:08:42 pip sshd: Invalid user test from 126.96.36.199
Oct 18 03:12:02 pip sshd: Invalid user oracle from 188.8.131.52
Oct 18 03:12:09 pip sshd: Invalid user test from 184.108.40.206
Oct 18 10:48:01 pip sshd: Invalid user peter from 220.127.116.11
Oct 18 10:48:07 pip sshd: Invalid user peter from 18.104.22.168
Oct 18 10:48:13 pip sshd: Invalid user sergei from 22.214.171.124
Oct 18 10:48:19 pip sshd: User root from 126.96.36.199 not allowed
because not listed in AllowUsers
So, I am hoping I could get advice or suggestions on what further
protections I could add (if any).
- I don't think static firewall rules would help, as I am hoping to ssh
into my box from anywhere
- I am guessing there is a way to have automation block or slowdown
attempts if they begin to seem suspicious.
I am no sysadmin, but looks like I am gonna have to learn some sysadmin-ish stuff
if I want to prevent my system from getting compromised. That, or admit I am over my head, and abandon
trying to be able to ssh into my box and do stuff from the outside world.