...
As soon as it is on the Internet people will try to brute force attack your server over ssh. Basically they keep on pounding your system trying different passwords. fail2ban
Just look in /var/log/auth.log to see some attackes,
| Code Block |
|---|
cat auth.log | grep "Invalid user"
Jun 19 18:18:33 myra sshd[29346]: Invalid user oracle from 210.83.86.139
Jun 19 18:18:36 myra sshd[29349]: Invalid user test from 210.83.86.139
Jun 19 18:19:02 myra sshd[29381]: Invalid user kylix from 210.83.86.139
Jun 19 18:19:09 myra sshd[29387]: Invalid user www from 210.83.86.139
|
Fail2ban makes this kind of attack not worthwhile. After a chosen number of failed login attempts from the same ip address, fail2ban blocks that ip address for a set period of time. As constantly changing ip addresses is not a trivial task, the attacker will move on to another system.
...