top | item 45947135

timeinput | 3 months ago

and it has been that way for a long time. Hosting a service on the internet means someone is *constantly* knocking at your door. It would be unimaginable if every few 10-1000s of milliseconds someone was trying a key in my front door, but that's just what it is with an open port on the internet.

sshine|3 months ago

I recently provisioned a VPS for educational purposes. As part of teaching public/private network interfaces in Docker, and as a debug tool, I run netstat pretty easily on.

Minutes after coming into existence, I have half a dozen connections to sshd from Chinese IP addresses.

That teaches the use of SSH keys.

toyg|3 months ago

Just put sshd on a nonstandard port, and 95% of the traffic goes away. Vandals can't be bothered with port-scanning, probably because the risk of getting banned before the scan is even complete is too high.

But I agree that keys are not optional anymore.

esseph|3 months ago

Fronting with ssh is not as secure as you could be.

WireGuard, Tailscale, etc. instead, THEN use ssh keys (with password on them mind you, then you have 2FA - something you have, and something you know).