by berlinbrown 4849 days ago
What do you do about all of those Chinese hackers hitting your sshd server?

I have 30 different IPs and fail2ban doesn't seem to ban them.

3 comments

Start by changing your SSH port from 22 to something else. It stops 99% of automated attacks. Beware that it is obscurity, not security though. That said, it does help clear some of the "noise" to focus on the other 1% of attacks where the attackers are actually a bit more sophisticated than a simple script.
Just curious. Have you enabled password logins on your servers, or do they only allow RSA key-based logins?
I am new to this. I don't allow password-based SSH logins.

The hackers fail according to sshd, but logwatch lists a list of Chinese and Russian attempts.

I was hoping my firewall would block them. I tried entering a block of IPs but some of the same ones are connecting.

I don't know what this means:

    Illegal users from:
       undef: 20 times
       183.60.177.246: 7 times
       217.14.134.68: 7 times
       219.149.30.170: 6 times
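An added example, not part of the original thread: the "Illegal users from" summary is a per-address count of login attempts that used usernames which do not exist on the server, and this sketch rebuilds such a tally from sshd log lines. The sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the usual OpenSSH syslog shape; addresses are
# documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[2211]: Invalid user admin from 203.0.113.7
Jan 10 03:12:04 host sshd[2213]: Invalid user test from 203.0.113.7
Jan 10 03:12:09 host sshd[2217]: Illegal user oracle from 198.51.100.23
Jan 10 03:12:15 host sshd[2220]: Invalid user guest from 203.0.113.7 port 51122
Jan 10 03:13:40 host sshd[2231]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
Jan 10 03:14:02 host sshd[2240]: Failed password for invalid user pi from 198.51.100.23 port 39211 ssh2
"""

# Older OpenSSH releases log "Illegal user", newer ones "Invalid user".
# Anchoring on the start of the message skips the follow-up
# "Failed password for invalid user ..." line, so one attempt counts once.
ATTEMPT = re.compile(r"sshd\[\d+\]: (?:Invalid|Illegal) user \S* from (\S+)")


def count_invalid_users(log_text):
    """Return a Counter mapping source address -> unknown-username attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        match = ATTEMPT.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def summary(counts):
    """Format the tally like the per-address lines in the report above."""
    return [f"{ip}: {n} times" for ip, n in counts.most_common()]


def over_threshold(counts, limit):
    """Addresses with at least `limit` attempts, i.e. candidates for a ban."""
    return sorted(ip for ip, n in counts.items() if n >= limit)


if __name__ == "__main__":
    tally = count_invalid_users(SAMPLE_LOG)
    print("\n".join(summary(tally)))
    print("at or over 3 attempts:", over_threshold(tally, 3))
```

Run against the real auth log, the output shows which addresses cross the retry limit a banning tool is configured with and which stay under it.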

Try csf. Works like a charm for me.
Did you use it in production?

Any pointers how to start? Good tutorials or walkthroughs?