35
BadFox
5y

I'm glad someone is having fun.

Comments
  • 9
    I would be kinda terrified

    I know a couple of resources on making your ssh host secure, but still... I'm no sysadmin...
  • 10
    install fail2ban, problem solved
  • 4
    @bytecode can it accidentally ban yourself?
  • 2
    @bytecode it's installed, I've just been lazy enough to put off configuring it for quite some time.
  • 2
    @erandria I've been thinking of just using generated keys. Probably 2048-bit or more.
  • 8
    showing your IP [92.238.*.*] to the public? :) Brave.

    Also, my guys are more lazy. I think they're giving up :)

    There were 3255 failed login attempts since the last successful login.

    The best part, I still have root password ssh auth enabled :) Good luck guessing that mthfckrs!
  • 6
    Change the default port from 22. I often use 22022. It helps a lot.

    Doesn’t make it more secure, but you’ll receive A LOT less requests.

    You can also geo block Asia, then you will get even less attempts.
  • 3
    Or if you have a public ipv6, then just use that. That also helps
  • 3
    Just use ed25519 and when you can successfully authenticate with it on two users set permit password off in sshd config.
    Never bothered with fail2ban, I trust they can't brute force my keys
  • 3
    CSF to the rescue!
  • 2
    Took me solid 8.34 seconds to realise that this is terminal on mobile.
    For more than 4 seconds I was like, "Why the hell there are icons on terminal? which zsh theme is that O.o?!"
  • 2
    @devs security through obscurity much? :P
  • 3
    @JiggleTits wouldn’t call it security. Still need fail2ban and such, but the network uses a lot less bandwidth since fewer people are trying to poke through
  • 2
    @devs fair point
  • 4
    Disable root login (this is a must) and switch from using passwords to using the PKI. Disable password login and laugh at all the pointless login attempts.
  • 1
    @Aldar @hjk101 yeah, I'll probably switch to using generated keys whenever I'm not a lazy 🥔.
  • 1
    @devs I don't have a public IPv6 address so no can do but I will probably change the port number sooner or later.
  • 1
    @devs BTW it's "ChinaNet Jiangsu Province Network", whatever that is.
  • 0
    @BadFox even just changing the port makes a huge difference
  • 1
    @netikras I don't have a static IPv4 address. I use a dynamic DNS service to connect remotely so me sharing that address won't matter eventually. That traffic was in just a day, I checked earlier and it was much higher than that but then it reset so...

    My plan is to make it extremely expensive and leave them guessing. I'll just get a laugh out of it.
  • 0
    @linuxxx I use FirewallD for now but I'll probably switch to UFW for the simpler configuration.
  • 2
    @lazysnail hehehe, I'm sort of lazy so if I don't have to move I won't hence the phone JuiceSSH app.
  • 2
    @erandria well if you fail enough times, yes, it can... but you should be using keys instead of passwords anyway so that should not happen
  • 2
    @erandria It can accidentally ban yourself, but only for a limited amount of time.
  • 1
    @BadFox actually I use keys in ssh agent because I'm lazy. Even though I use a password manager authenticating is still bothersome.
    Don't use any software that needs to do something over ssh and doesn't support ssh-agent.
    It's brilliant shit just works (git, sftp client, IDE etc)
  • 0
    @hjk101 that's good, I'll probably do that once I have the time.
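
The hardening steps suggested in the comments above (disable root login, turn off password authentication, move off port 22), checked against an sshd_config. This is an added example, not code from any commenter; the function names and both sample configs are constructed, and it assumes the settings live in the global section of the main file.

```python
# Added example: audits the global section of an sshd_config for the
# settings discussed in the thread. Match blocks and Include files are
# not evaluated (assumption: the settings live in the main file).
DEFAULTS = {"permitrootlogin": "prohibit-password",  # OpenSSH defaults
            "passwordauthentication": "yes"}

def effective_settings(config_text):
    """sshd uses the first value it reads for a keyword; Port may repeat."""
    seen, ports = {}, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":          # per-user/host overrides start here
            break
        if key == "port":
            ports.append(value)
        elif key in DEFAULTS and key not in seen:
            seen[key] = value.lower()
    return {**DEFAULTS, **seen, "port": ports or ["22"]}

def audit(config_text):
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"] == "yes":
        findings.append("root can log in with a password")
    elif s["permitrootlogin"] != "no":
        findings.append("root can still log in with a key")
    if s["passwordauthentication"] != "no":
        findings.append("password guessing is possible")
    if "22" in s["port"]:
        findings.append("default port: expect heavy scan noise in the logs")
    return findings

# Constructed sample configs, not taken from anyone's server.
WEAK = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """
Port 22022
PermitRootLogin no
PasswordAuthentication no   # keys only
PasswordAuthentication yes  # ignored: first value wins
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

An empty file is judged on the OpenSSH defaults, so it still reports password guessing and key-based root login.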