I opened up SSH for about a day, and now I have a few messages about "failed authentication" requests from foreign IPs. One of them resides in Bangkok! I know they will have trouble gaining access without a key, but should I be scared? ahaha :\
OH said:Other people will tell you to run sshd on a non-standard port.
block quick from <bad_hosts>
# Allow ssh connections globally, but rate limited
pass in quick proto tcp from any to any port 22 keep state\
(max-src-conn-rate 3/180, overload <bad_hosts> flush global)
gordon@ said:If you are using pf(4), you can just use the following rules (which are running on my server):
Code:block quick from <bad_hosts> # Allow ssh connections globally, but rate limited pass in quick proto tcp from any to any port 22 keep state\ (max-src-conn-rate 3/180, overload <bad_hosts> flush global)
OH said:I use this too, but I also see that the crackers/scriptkiddies anticipate this and space their attempts accordingly. Having another program looking at the logfile (which I don't do) does improve on the security.
SirDice said:Nothing much you can do about it. Just sit out the ride and make sure all your accounts are properly setup with proper passwords.