Checking logs the other day, I noticed another instance where SSH bots were trying to get access to my home server. Monitoring auth.log for less than a minute revealed 11 failed attempts.
$ tail -f /var/log/auth.log | grep Failed
Oct 8 20:53:37 boss sshd[27267]: Failed password for invalid user peru from 68.216.125.39 port 43047 ssh2
Oct 8 20:53:40 boss sshd[27269]: Failed password for invalid user china from 68.216.125.39 port 43974 ssh2
Oct 8 20:53:44 boss sshd[27271]: Failed password for invalid user uk from 68.216.125.39 port 44570 ssh2
Oct 8 20:53:48 boss sshd[27273]: Failed password for invalid user ok from 68.216.125.39 port 45358 ssh2
Oct 8 20:53:52 boss sshd[27276]: Failed password for invalid user navy from 68.216.125.39 port 46298 ssh2
Oct 8 20:53:55 boss sshd[27278]: Failed password for invalid user spring from 68.216.125.39 port 47694 ssh2
Oct 8 20:53:59 boss sshd[27280]: Failed password for invalid user summer from 68.216.125.39 port 49883 ssh2
Oct 8 20:54:03 boss sshd[27282]: Failed password for invalid user autumn from 68.216.125.39 port 50796 ssh2
Oct 8 20:54:07 boss sshd[27284]: Failed password for invalid user winter from 68.216.125.39 port 51960 ssh2
Oct 8 20:54:10 boss sshd[27286]: Failed password for invalid user snow from 68.216.125.39 port 52885 ssh2
Oct 8 20:54:14 boss sshd[27288]: Failed password for invalid user skyrix from 68.216.125.39 port 53493 ssh2
It’s probably not a bad idea to add some security. For now we’ll enable the MaxStartups setting in sshd_config. I’d prefer to run Fail2Ban but have some dependency problems with Python. I’ll have to look into that or other options.
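
MaxStartups limits concurrent unauthenticated connections rather than repeated failures from one address, so it helps to measure the pattern in the log directly. The sketch below is an added example, not part of the original post and not Fail2Ban's code: it flags any source address with `maxretry` failures inside a `findtime` window (names borrowed from Fail2Ban's settings). The thresholds, the assumed year and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First five lines are from the log above; the last one is constructed (TEST-NET address).
SAMPLE = """\
Oct 8 20:53:37 boss sshd[27267]: Failed password for invalid user peru from 68.216.125.39 port 43047 ssh2
Oct 8 20:53:40 boss sshd[27269]: Failed password for invalid user china from 68.216.125.39 port 43974 ssh2
Oct 8 20:53:44 boss sshd[27271]: Failed password for invalid user uk from 68.216.125.39 port 44570 ssh2
Oct 8 20:53:48 boss sshd[27273]: Failed password for invalid user ok from 68.216.125.39 port 45358 ssh2
Oct 8 20:53:52 boss sshd[27276]: Failed password for invalid user navy from 68.216.125.39 port 46298 ssh2
Oct 8 20:54:01 boss sshd[27290]: Failed password for root from 203.0.113.7 port 40022 ssh2
"""

# The username is remote-supplied text, so the pattern is anchored at both ends and
# the greedy (.*) makes the address come from the final " from <addr> port <n> ssh2".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def offenders(lines, maxretry=5, findtime=timedelta(minutes=10), year=2000):
    """Return {ip: sorted usernames tried} for IPs with >= maxretry failures in findtime."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> every username seen from that address
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp, user, ip = m.groups()
        # Classic syslog timestamps carry no year; one is assumed so they compare.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        recent[ip].append(when)
        users[ip].add(user)
        while when - recent[ip][0] > findtime:
            recent[ip].popleft()  # drop failures that have aged out of the window
        if len(recent[ip]) >= maxretry:
            flagged[ip] = sorted(users[ip])
    return flagged

if __name__ == "__main__":
    for ip, names in offenders(SAMPLE.splitlines()).items():
        print(f"{ip}: {len(names)} usernames tried: {', '.join(names)}")
```
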