On 04/03/2021 14.33, Per Jessen wrote:
Carlos E. R. wrote:
On 04/03/2021 14.12, Per Jessen wrote:
Lew Wolfgang wrote:
And of course botnets also scan for open ports, and not just the obvious ones. I just checked on my underused server with a direct and static connection, and over a 75-minute period I had 869 ports scanned, 637 of them were unique ephemeral high-numbered ports. Botnets don't care about laws, and if your IP is static for very long, your hidden ssh port could be exposed.
Yep, I can assure you they will be. Even if we use public key authentication, we still run ssh on a high port - on one server installed in 2015, there were no ssh attacks until 7 February 2021. Since 2907 login attempts.
On another, also installed in 2015, attempts started 1 November 2020, since then 136680.
Static IPs?
They are servers, so yes.
We might have to go one step further: migrate the port randomly and periodically.
As I have been trying to explain, it does not add anything. Just use public key auth.
On my case, it does help. Hits are very rare. Yes, of course I use public key auth, since day one. Changing the port periodically just reduces noise in the logs. Would be akin to changing the password periodically :-) -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)