[IAmGraydon]

Anyone who has run an SSH server on the default port knows that you’ll get hundreds or thousands of login attempts per day. Changing the port to something less obvious and running fail2ban is enough to mitigate most of it. They’re just looking for low hanging fruit.

[chx]

I just run sslh...

[KomoD]

That looks pretty cool, I hadn't heard of it before, has it been reliable for you?

[chx]

Very much, yes.

[PhilipRoman]

Changing the default port - yeah, works wonders for reducing noise. But I don't understand why people run fail2ban. Nobody is going to be brute forcing a ssh login, all it does is add another moving part very close to a security boundary for very little gain.

[tetris11]

Yes they do. I had a colleague who opened up his machine to another using the logon "remote" and let them set the password.

It was cracked the next day. It turns out having 12345678 is probably a bad password.

[gnabgib]

Have you recently run a server? It takes a week-month before your ssh port is published on shodan/binaryedge/censys/criminalIP and other dodgy scanners.. and then you can expect constant attention, and yes.. 14691 attempted logins for every username possible (even though password login is turned off) from the same IP (usually a VPN, tor exit, or "crowdsourced VPN")

[KomoD]

> Nobody is going to be brute forcing a ssh login

Uh what? Yes people do...