[fsmv]

You just need to turn off password authentication so it's keys only. They can attempt logins all they want and never get in.

Also if you run ssh on a nonstandard port you get many fewer attempts. There are several groups that constantly scan all of ipv4 for open ports, if you use ipv6 they cannot scan that space anymore.

Optionally you can set up fail2ban but I find it's not a big deal.

[ogud2025]

I changed my SSH configuration to only listen on an IPv6 address 6 months ago and since then the number of SSH attacks has fallen from 1000+/day to less than 10/week.

[hugocbp]

Thanks!

That is usually what I already do. Good to know I'm on the right path.

When possible I disable root login as well (though Coolify seems to need it on, even if without password).