Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: "Carlos E. R." <robin_listas@es.invalid>
Newsgroups: comp.os.linux.misc
Subject: Re: Is It Time To Replace SSH ???
Date: Sat, 17 Dec 2022 12:43:12 +0100
Lines: 39
Message-ID: <k05oagF35vsU2@mid.individual.net>
References: <y-ycndVmEZmnWQf-nZ2dnZfqn_WdnZ2d@earthlink.com> <tnfk1k$344am$3@dont-email.me> <87r0x0xmre.fsf@usenet.ankman.de> <tnhd9l$3bglv$2@dont-email.me> <k02s5aFjp4fU2@mid.individual.net> <87mt7mwyvl.fsf@usenet.ankman.de> <op.1xa671jca3w0dxdave@hodgins.homeip.net> <871qoywh67.fsf@usenet.ankman.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net OxNyy4thKEeAKcIhQgF2agw+Em8ad1xJ5tUiiH44GhsZUhkRAU
Cancel-Lock: sha1:uc6HXJy+oEmSJ2cpenoSzKR/QJs=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1
Content-Language: es-ES, en-CA
In-Reply-To: <871qoywh67.fsf@usenet.ankman.de>
Xref: csiph.com comp.os.linux.misc:36522

On 17/12/2022 09.47, Andreas Kohlbach wrote:
> On Sat, 17 Dec 2022 02:03:27 -0500, David W. Hodgins wrote:
>>
>> On Fri, 16 Dec 2022 21:24:46 -0500, Andreas Kohlbach <ank@spamfence.net> wrote:
>>
>>> On Fri, 16 Dec 2022 10:30:17 +0100, Carlos E. R. wrote:
>>>>
>>> Nah, don't. Have them have their fun. They don't know root won't get in
>>> and waste their own resources. Although today it won't matter either. But
>>> not letting them know they cannot login as root they keep trying instead
>>> of wandering off and try other servers where they might be successful.
>>>
>>>> That's something a human operator would do.
>>>
>>> I don't think so. Unless being DDoSed. But then you have to take a
>>> completely different approach to mitigate the traffic.
>>
>> I don't block, but I use a non-standard port. Otherwise failed attempts
>> can fill the filesystem where the logs are stored. I had that happen before
>> I switched ports.
> 
> There's logrotate to take care of logfile sizes.

That's not the issue.

The issue is so much noise that something important will be missed.

> 
> ~$ ls -lrt /var/log/auth*
> -rw-r----- 1 root adm  78358 Nov 19 23:39 /var/log/auth.log.4.gz
> -rw-r----- 1 root adm  83875 Nov 26 23:57 /var/log/auth.log.3.gz
> -rw-r----- 1 root adm  44726 Dec  3 23:46 /var/log/auth.log.2.gz
> -rw-r----- 1 root adm 449644 Dec 10 23:51 /var/log/auth.log.1
> -rw-r----- 1 root adm 987377 Dec 17 03:45 /var/log/auth.log

-- 
Cheers,
        Carlos E.R.