Path: csiph.com!news.mixmin.net!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: Andreas Kohlbach <ank@spamfence.net>
Newsgroups: comp.os.linux.misc
Subject: Re: Is It Time To Replace SSH ???
Date: Sat, 17 Dec 2022 20:20:41 -0500
Organization: A noiseless patient Spider
Lines: 42
Message-ID: <87359dv76e.fsf@usenet.ankman.de>
References: <y-ycndVmEZmnWQf-nZ2dnZfqn_WdnZ2d@earthlink.com> <tnfk1k$344am$3@dont-email.me> <87r0x0xmre.fsf@usenet.ankman.de> <tnhd9l$3bglv$2@dont-email.me> <k02s5aFjp4fU2@mid.individual.net> <87mt7mwyvl.fsf@usenet.ankman.de> <op.1xa671jca3w0dxdave@hodgins.homeip.net> <871qoywh67.fsf@usenet.ankman.de> <op.1xbuojdxa3w0dxdave@hodgins.homeip.net>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Info: reader01.eternal-september.org; posting-host="45386fd9d7eacbad561ae8a38bbae0d9"; logging-data="3993081"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/6ohKPba43Wy7HNWUdJ3uf"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:ePCKx9LbbYQ+4pg1tsAfba4nPhk= sha1:E5mKPxURRPHXnNKCC0mKY62kBWM=
X-No-Archive: Yes
Xref: csiph.com comp.os.linux.misc:36531

On Sat, 17 Dec 2022 10:30:09 -0500, David W. Hodgins wrote:
>
> On Sat, 17 Dec 2022 03:47:12 -0500, Andreas Kohlbach <ank@spamfence.net> wrote:
>
>> On Sat, 17 Dec 2022 02:03:27 -0500, David W. Hodgins wrote:
>>>
>>> I don't block, but I use a non-standard port. Otherwise failed attempts
>>> can fill the filesystem where the logs are stored. I had that happen before
>>> I switched ports.
>>
>> There's logrotate to take care of logfile sizes.
>>
>> ~$ ls -lrt /var/log/auth*
>> -rw-r----- 1 root adm  78358 Nov 19 23:39 /var/log/auth.log.4.gz
>> -rw-r----- 1 root adm  83875 Nov 26 23:57 /var/log/auth.log.3.gz
>> -rw-r----- 1 root adm  44726 Dec  3 23:46 /var/log/auth.log.2.gz
>> -rw-r----- 1 root adm 449644 Dec 10 23:51 /var/log/auth.log.1
>> -rw-r----- 1 root adm 987377 Dec 17 03:45 /var/log/auth.log
>
> When you get a few dozen hits per minute, it doesn't take a week to use a lot
> of log space. Rotating more often will mean info will be removed sooner too.

We (at least not me) not offer commercial services. Thus all there is
noise we need not to look into, unless fear we've been hacked. Thus space
will not clog up unless you have not much disk space anyway. Thus default
setting (compress once a week or so) is fine for most of us.

> Granted, disk drive space has come down in price a lot since I ran into the
> issue and switched to using a custom port, but there are also new systems
> such as raspberry pi, that normally run from an sd card, which limits the
> drive size.

As not commercial service i didn't bought a new drive just to log noise.

As mentioned, I have my IP two year now with port 22 open to the
internet. And I *don't* drown in logs, see the excerpt on top.

But of course, feel free to use an other port than 22. That's reduce
noise. But I stick with 22 (I might just forget where I otherwise set it
to) as I have no problem with that since decades.
-- 
Andreas