[PhilipRoman]

Changing the default port - yeah, works wonders for reducing noise. But I don't understand why people run fail2ban. Nobody is going to be brute forcing a ssh login, all it does is add another moving part very close to a security boundary for very little gain.

[tetris11]

Yes they do. I had a colleague who opened up his machine to another using the logon "remote" and let them set the password.

It was cracked the next day. It turns out having 12345678 is probably a bad password.

[gnabgib]

Have you recently run a server? It takes a week-month before your ssh port is published on shodan/binaryedge/censys/criminalIP and other dodgy scanners.. and then you can expect constant attention, and yes.. 14691 attempted logins for every username possible (even though password login is turned off) from the same IP (usually a VPN, tor exit, or "crowdsourced VPN")

[KomoD]

> Nobody is going to be brute forcing a ssh login

Uh what? Yes people do...