From: "Carlos E. R."
Newsgroups: comp.os.linux.misc
Subject: Re: Is It Time To Replace SSH ???
Date: Sat, 17 Dec 2022 12:41:57 +0100

On 17/12/2022 08.03, David W. Hodgins wrote:
> On Fri, 16 Dec 2022 21:24:46 -0500, Andreas Kohlbach wrote:
>
>> On Fri, 16 Dec 2022 10:30:17 +0100, Carlos E. R. wrote:
>>>
>>> On 16/12/2022 10.20, The Natural Philosopher wrote:
>>>
>>>> I've had open SSH for years on backbone hosted kit. everybody tries
>>>> to login as root.
>>>> I let them. Root is not allowed to log in.
>>>
>>> One idea would be to automatically block the IPs that try to login as
>>> root or other typical names used by bots.
>>
>> Nah, don't. Have them have their fun. They don't know root won't get in
>> and waste their own resources. Although today it won't matter either. But
>> not letting them know they cannot login as root they keep trying instead
>> of wandering off and try other servers where they might be successful.

They fill the logs.

>>
>>> That's something a human operator would do.
>>
>> I don't think so. Unless being DDoSed. But then you have to take a
>> completely different approach to mitigate the traffic.
>
> I don't block, but I use a non-standard port. Otherwise failed attempts
> can fill the filesystem where the logs are stored. I had that happen before
> I switched ports.

Yes, that's what I do. Works wonderfully, not a hit in months.

>
> Regards, Dave Hodgins

-- 
Cheers, Carlos E.R.
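
The two concerns raised in this thread, sources that keep trying root and other bot-favoured names and the log volume those attempts generate, can both be measured from the sshd log. This is an added example, not part of the original posts: it assumes OpenSSH's standard "Failed password" syslog lines, and the `BOT_USERS` list, the threshold and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Assumed list of "typical names used by bots"; adjust for your own hosts.
BOT_USERS = {"root", "admin", "test", "oracle", "ubuntu", "pi"}

# One password attempt as logged by OpenSSH, for existing or unknown accounts.
ATTEMPT = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
# Any sshd line that names a remote source, used to measure log volume per IP.
SOURCE = re.compile(r"sshd\[\d+\]: .* from (?P<ip>\S+) port \d+")

# Constructed sample log (documentation address ranges, made-up PIDs).
SAMPLE = """\
Dec 17 03:10:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 17 03:10:03 host sshd[1001]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 17 03:10:05 host sshd[1002]: Invalid user admin from 203.0.113.7 port 40120
Dec 17 03:10:06 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Dec 17 03:11:00 host sshd[1003]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Dec 17 03:12:00 host sshd[1004]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
""".splitlines()


def summarize(lines, threshold=3):
    """Return (block candidates, sshd log lines per source IP)."""
    bot_attempts = Counter()
    volume = Counter()
    for line in lines:
        src = SOURCE.search(line)
        if src:
            volume[src["ip"]] += 1
        att = ATTEMPT.search(line)
        # Only failures against bot-targeted names count toward blocking,
        # so a legitimate user who mistypes a password is not flagged.
        if att and att["user"] in BOT_USERS:
            bot_attempts[att["ip"]] += 1
    candidates = sorted(ip for ip, n in bot_attempts.items() if n >= threshold)
    return candidates, dict(volume)


if __name__ == "__main__":
    candidates, volume = summarize(SAMPLE)
    print("block candidates:", candidates)
    print("log lines per source:", volume)
```

The "Invalid user" line is counted toward volume but not as a separate attempt, because sshd logs it in addition to the "Failed password for invalid user" line for the same try.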