>open fail2ban.log for the first time
>hundreds of incidents daily of gooks trying to bruteforce my ssh password
>>56062889
>not adding whole ipblock of China to iptables drop.
honestly, what do they even gain from this
>ssh password
>not key
Lmao
>all servers that I manage inside network only reachable through VPN
>network admin has to deal with all this bullshit
feelsgood
>>56063193
It's all automated attacks and if they succeed you just get added to a botnet to be used for spamming, DDoS attacks, proxies etc.
Wtf I hate fail2ban now
>>56063299
do people really use those passwords that they try?
>>56062889
and if you run a web server you will see botnets scanning for php shit that you havent even installed.
>>56062889
welcome to the internet, circa 2008
where've you been
>>56062889Aug 13 16:15:57 kana sshd[11294]: fatal: Unable to negotiate with <ip> port <port>: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
Hundreds of lines of this.
There's two things in my config that give them a bad time.
Firstly, you need a recent version of OpenSSH to connect. Running old crypto? Fuck you, you're not me. And this is being very generous.# /etc/ssh/sshd_config
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]
Secondly:PasswordAuthentication no
100% keys. They will never get in. Really why would you ever use passwords.
But that's OK. They're looking for low-hanging fruit, not me, and there are, sadly, plenty of those around; you can tell because that's where all the spam comes via.
>>56063736
>Really why would you ever use passwords.
they're perfectly fine so long as you use strong ones. No way they'll brute-force a 16-character random string.
>>56063492
yes there are more idiots on the planet than you think
>>56062889
>using passwords
>not blocking all IPs except the ranges assigned to your RIR/country
>not using port knocking
>>56063879
it's completely retarded desu