
#1 2016-04-19 07:34:52

Nicocys
Member
Registered: 2010-06-05
Posts: 20

fail2ban and sshd filter tuning

Hi,

I have a small, but annoying, issue.
Quite recently, an IP appears in my logs (using systemd), trying to connect to ssh. Usually they are grabbed and banned by fail2ban, but not this one.

The log entries are similar to this:

Connection from ForeignIP port RANDOM on MYIP port 22

There are none of the usual entries for failed connections, but it tries to connect at random times, although never more than 5 min between attempts, continuously.
I banned it manually via fail2ban, but is it possible to use a filter for that instead? The two set filters for ssh (sshd and sshd-ddos) rely on some error message, which doesn't appear here...
I am using ssh keys and only allow connections from selected username, so it is not that critical, but it does fill the logs, and it doesn't quite feel right anyway...

Thanks!

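For the question in post #1, an added sketch (written for this page, not by any poster and not fail2ban's own code) of what a filter keyed on the bare "Connection from" line would match, and how a maxretry/findtime style count would treat it. The regex, the sample log lines with their timestamp format, the thresholds and the function name are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# A fail2ban failregex would use the <HOST> tag; a plain IPv4 group stands in for it here.
CONNECT_RE = re.compile(
    r"Connection from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+ on \S+ port 22\b"
)

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE_LOG = """\
2016-04-19T07:00:00 sshd[810]: Connection from 198.51.100.99 port 33001 on 192.0.2.10 port 22
2016-04-19T07:00:10 sshd[811]: Connection from 203.0.113.7 port 40112 on 192.0.2.10 port 22
2016-04-19T07:01:00 sshd[820]: Connection from 198.51.100.20 port 51000 on 192.0.2.10 port 22
2016-04-19T07:01:01 sshd[820]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2
2016-04-19T07:02:00 sshd[821]: Connection from 198.51.100.20 port 51002 on 192.0.2.10 port 22
2016-04-19T07:03:00 sshd[822]: Connection from 198.51.100.20 port 51004 on 192.0.2.10 port 22
2016-04-19T07:04:30 sshd[823]: Connection from 203.0.113.7 port 40388 on 192.0.2.10 port 22
2016-04-19T07:08:55 sshd[824]: Connection from 203.0.113.7 port 41790 on 192.0.2.10 port 22
2016-04-19T07:30:00 sshd[830]: Connection from 198.51.100.99 port 33410 on 192.0.2.10 port 22
2016-04-19T08:10:00 sshd[840]: Connection from 198.51.100.99 port 33977 on 192.0.2.10 port 22
"""


def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), ignoreip=()):
    """Return hosts with at least maxretry connection lines inside one findtime window."""
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    offenders = []
    for line in log_text.splitlines():
        match = CONNECT_RE.search(line)
        if not match or match["host"] in ignoreip:
            continue  # unrelated line, or an address exempted like fail2ban's ignoreip
        stamp = datetime.fromisoformat(line.split()[0])
        hits = recent[match["host"]]
        hits.append(stamp)
        while stamp - hits[0] > findtime:  # drop hits older than the window
            hits.popleft()
        if len(hits) >= maxretry and match["host"] not in offenders:
            offenders.append(match["host"])
    return offenders


if __name__ == "__main__":
    print("no exemptions:  ", find_offenders(SAMPLE_LOG))
    print("with exemption: ", find_offenders(SAMPLE_LOG, ignoreip=("198.51.100.20",)))
```

In the sample, the key-authenticated client 198.51.100.20 produces the same "Connection from" line as the unwanted source, so it is counted too unless it is exempted.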

#2 2016-04-19 11:12:04

skiwi
Member
Registered: 2012-11-28
Posts: 32

Re: fail2ban and sshd filter tuning

I had a similar issue when I had a raspberry pi ssh server connected to the internet.
For me the solution was to ban password logins altogether; this can be done in sshd_config.
It should also prevent anything from being written to /var/log

Alternatively, sshguard may be easier to set up to make permanent bans after a number of attempts.


#3 2016-04-19 16:18:06

Nicocys
Member
Registered: 2010-06-05
Posts: 20

Re: fail2ban and sshd filter tuning

If you mean "PasswordAuthentication" and "PermitEmptyPasswords", both are set to "no", as well as "ChallengeResponseAuthentication".
"UsePAM" is set to "yes", and both "RSAAuthentication" and "PubkeyAuthentication" are left commented (default to yes).

