Re: [tlug] remote access to server

[Furkan Mustafa <furkan@example.com>]

* Disable password login from /etc/ssh/sshd_config and use only public
key authentication.

* Install fail2ban

* They won't be guessing your username/password. These kids try this
forever. No need to worry IMHO.

* Also, changing your ssh port from 22 to something else reduces this
almost down to zero.

* Also, some people install tor to their servers, and publish their ssh
access as a tor hidden service, and connect to their servers over tor.
Only if you need to go extreme I guess.

Furkan Mustafa

On 2017-06-03 14:41, Kevin Sullivan wrote:
> Howdy. Have my Debian LAMP webserver up and running again mostly.
>
> Router firewall had Port Forwarding to my server on static IP with :22,
> 80, 443 open.
>
> However, a tour of /var/log/auth.log showed persistent efforts to log 
> in
> as root from 3 IP's in China according to whois:
> 61.177.172.54
> 116.31.116.14
> 182.100.67.120
> Port :22 is now closed before they get around to guessing my non-root
> super-user name and pw.
>
> What methods allow relatively secure remote login for admin purposes
> from outside the local lan? Noobie here on the finer points of sysadmin
> and running a webserver from home open to the big bad world out there.
>
> Kevin Sullivan