undefined | Better HN

0 pointsangry_octet4y ago0 comments

I've tried it, and the number of failed logins is still significant, and it can only have gotten worse now, given the ease of scanning the entire IPv4 range.

If you only have {2fa,key,certificate} auth the number of alerts you should have from SSHD itself is (almost) zero, failed logins are (almost) _all_ _noise_. Higher level systems that monitor origin/destination/heuristics of successful logins are where its at.

0 comments

1 comments · 1 top-level

BenjiWiebe4y ago

I've got a web server with a popular vps company. With ssh on port 22, I (naturally) got lots of failed login attempts.

I moved it to another port...0 attempts in the last 7 days (btmp was rotated then).

It shuts down log spam 100% for me.

j / k navigate · click thread line to collapse