by miyuru 1724 days ago
If your ISP and the server support IPv6, just disable SSH on IPv4.

Some of my servers don't even have any IPv4 connectivity and there haven't been any failed SSH logins over IPv6.
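
One way to check the same thing on your own server, as an added example that is not part of the original post: count failed SSH login attempts per address family from sshd log lines. The log lines are constructed samples using documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth-log style (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[811]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:15 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 10:02:40 host sshd[902]: Invalid user test from 198.51.100.7 port 40110
Mar  3 10:03:02 host sshd[915]: Accepted publickey for alice from 2001:db8::10 port 50000 ssh2
Mar  3 10:04:55 host sshd[950]: Failed password for root from ::ffff:192.0.2.9 port 33000 ssh2
Mar  3 10:05:30 host sshd[977]: Failed password for bob from 2001:db8::bad port 41000 ssh2
"""

# Matches failed-authentication and invalid-user lines, capturing the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:Failed \S+ for (?:invalid user )?\S+|Invalid user \S*) from (\S+) port \d+"
)

def family(addr):
    """Return 'IPv4' or 'IPv6'; IPv4-mapped IPv6 addresses count as IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return "IPv4"
    return f"IPv{ip.version}"

def failed_by_family(log_text):
    """Count failed SSH login lines per address family of the source."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        try:
            counts[family(m.group(1))] += 1
        except ValueError:
            counts["unparsed"] += 1  # source was not a literal IP address
    return counts

if __name__ == "__main__":
    print(dict(failed_by_family(SAMPLE_LOG)))
```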

2 comments

My OpenSSH is located on a non-standard port, 22/tcp is going to the endlessh honeypot.

> endlessh honeypot.

*tarpit

A honeypot lets people "in" to see/research malware that's in the wild:

* https://en.wikipedia.org/wiki/Honeypot_(computing)

A tarpit just takes up the attacker's resources:

* https://en.wikipedia.org/wiki/Tarpit_(networking)

Not what most people run, but SSH honeypots are also useful:

https://lwn.net/Articles/848291/

Not to disappoint you, but except for logging, SSH honeypots are becoming useless (most bots automatically disconnect when they detect a long login banner).

So should I add a long banner to my server to disguise it as a honeypot, just in case?

I mean, I'm not sure that you can do that with OpenSSH though (short of recompiling it, which I do not recommend unless you're a company).

I like this solution a lot!