by jokr004 3290 days ago
Is it just me or am I the only one who is a bit hesitant to submit the public IP/hostname to some random service on the web. I'm not trying to say that the creator of this has any ill intent, but I also don't know that they aren't cataloging addresses of potentially vulnerable ssh daemons.

Anyway.. just to reiterate I'm not trying to accuse you of anything OP. Very cool utility, nice work!

5 comments

That's not something you need to worry about - if you have a vulnerable ssh daemon with a public IPv4 address, then it's already been indexed and you submitting / not submitting it won't change anything.

Scanning all standard ports of all addresses of all IPv4 internet is computationally feasible and is done by many parties. For example, https://www.shodan.io/ is one place that has done so and allows public searching of e.g. all public IPs returning a particular SSH version or having particular key exchange algorithms enabled.

Not if it's running on a non-standard port though

Yes, non-standard ports transfer it to the domain of either somewhat targeted scan or serious effort - scanning all ports of all IPv4 requires many machines and/or many weeks, so that's not available to everyone. However, I'd still expect multiple organizations to keep an up-to-date scan of all public facing ports worldwide; it's impractical to do it for fun, but if you have a need and some budget, it seems doable.
If they wanted to find vulnerable ssh daemons it would be much faster and easier to scan the web than wait for people to enter their details here.

Or to put it another way: if you're worried that your SSH is vulnerable, fix it. Don't rely on not typing it into a website, because people will find it regardless.

> because people will find it regardless

In my experience, if you have an SSH port accessible from the internet, it has been probed today by a few Chinese/Russian IPs. Unless my raspberry pi home server is somehow a high value intelligence target...

In my experience an SSH service on a random, non-standard port gets surprisingly few probes. I look after several machines and I see less than one attempt per year (versus hundreds per day for port 22). I have yet to see somebody probe an SSH that listens on IPv6-only.

You might want to consider using port knocking[1] to make your ssh server even less susceptible to attack.

[1] - https://en.wikipedia.org/wiki/Port_knocking

No, the best solution is to only allow login by SSH keys. No passwords => brute-forcing is impossible. So your threat model for someone gaining access no longer includes someone using weak passwords.

If your ssh port is wide open and there's a remotely exploitable vulnerability, then using keys may not save you.

But there's no reason you couldn't use both keys and port knocking at the same time.
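Added example, not from the thread or any commenter: a small Python audit of sshd_config excerpts (constructed here) for the key-only setup recommended above. It mirrors sshd's rule that the first value of a keyword wins, so a hardening line appended at the end of a file does nothing if the keyword was already set earlier, and it checks only the global section before any Match block.

```python
import re

# Constructed sshd_config excerpts (not real hosts' configs).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

HARDENED_CONFIG = """\
Port 2020
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
"""

# Hardening appended after an earlier 'yes': sshd keeps the first value.
APPENDED_CONFIG = """\
PasswordAuthentication yes
KbdInteractiveAuthentication no
PasswordAuthentication no
"""

def parse_sshd_config(text):
    """Return {keyword_lower: first_value} for the global section only."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        m = re.match(r"(\S+)(?:\s*=\s*|\s+)(.*)", line)   # 'Key value' or 'Key=value'
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":                        # conditional blocks not audited here
            break
        settings.setdefault(key, value)           # first occurrence wins, as in sshd
    return settings

def audit(text):
    """List findings that still leave password guessing possible (sshd defaults assumed)."""
    s = parse_sshd_config(text)
    findings = []
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    kbd = s.get("kbdinteractiveauthentication", s.get("challengeresponseauthentication", "yes"))
    if kbd.lower() != "no":
        findings.append("keyboard-interactive auth still enabled")
    if s.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("root may log in with a password")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication disabled")
    return findings
```

Run `sshd -T` on a real host to see the effective values, since includes and Match blocks are not handled by this excerpt parser.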

Unless you have a reason to target people here, of course...

I totally understand your concern.

However, here's my perspective:

- if the server is public already then black hats can simply probe your networks (IPv4 is not that big) and find the servers by themselves. The odds are that hackers are probably not interested in your company anyway.

- there are people who don't care about security of their servers (or rather are lazy / naive) and might find this service useful. Even if we were black hats it would at least alarm them that something is wrong. If they ignore the warnings - well - god help them.

EDIT: typos

You're getting a lot of responses along the lines of: "Well if it's on the public internet it's already being indexed and scanned already, so there's no harm submitting a single IP address / hostname." Whoever thinks this is relevant: Please post your personal server's IP address here.

My phone number is 10 digits. It can easily be enumerated. I'm still not posting it in a public forum or submitting it to an unknown web site.

Sure thing. I have two boxes that run sshd exposed to the internet: 69.164.221.163 and 45.79.85.20. sshd runs on port 2020 now; I was running it on port 22 before but I got so many failed login attempts that it was actually causing noticeable load on the system (something like average 10% CPU usage just for sshd).

I still get a couple hundred failed login attempts every day. Reasonably strong passwords and fail2ban mean that it's nbd.

Also, my phone number is on my website (it's 320 584 9293) and most of the spam calls I get are through whois, not the fact that there's a tel: URL out there pointing at it.

There's a significant difference - posting this information here is saying that x.y.z.w is my server, and that has a privacy concern, just as saying that my (or your) phone number is 1234567890.

Anonymously submitting that x.y.z.w is a server running ssh, on the other hand, doesn't provide anything beyond what's already publicly known.

Also, your phone number is not easily enumerated. Scanning even a small range of phone numbers (i.e. attempting a connection to see if they're valid) takes significant time and effort. Finding all open standard ssh ports on the whole internet, on the other hand, can be done in minutes with a good enough connection.

Do you get a few random phone calls every hour from someone you don't know?

Your ssh port is.

No, you're not the only one.