So it’s my first time setting up a VPS. Is it to be expected to ban 54 IPs over a 12h timespan? The real question for me is whether this is normal or too much.

$ sudo fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed:     586
|  `- Journal matches:  _SYSTEMD_UNIT=ssh.service + _COMM=sshd
`- Actions
   |- Currently banned: 51
   |- Total banned:     54
   `- Banned IP list:   [list of IPs]

fail2ban sshd.conf

$ sudo cat /etc/fail2ban/jail.d/sshd.conf 
[sshd]
enabled = true
mode = aggressive
port = ssh
backend = systemd
maxretry = 3
findtime = 600
bantime = 86400

I have disabled SSH login via password and only allow it over an SSH key.

$ sudo sshd -T | grep -E -i 'ChallengeResponseAuthentication|PasswordAuthentication|UsePAM|PermitRootLogin'
usepam no
permitrootlogin no
passwordauthentication no
    • surewhynotlem@lemmy.world · 7 upvotes · 1 day ago

      I love the concept of port knocking, but it seems like a lot of overhead if the client apps themselves don’t support it.

      Now if the SSH client could take a parameter called knock_on_this port, that would be awesome.

    • BlueBockser@programming.dev · 1 upvote · 22 hours ago

      Good luck getting e.g. Ansible to work with that. At that point I’d just switch to a hosting provider with an actual firewall.

      • mumblerfish@lemmy.world · 3 upvotes · 21 hours ago

        Set up your ssh config to use a proxy command which uses netcat to knock on the ports. Ansible will work with that.
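
The ProxyCommand-plus-netcat approach from the comment above, written out as an added example (not code from the thread). The script path, host alias, address and knock ports 7000/8000/9000 are constructed, and it assumes a knock daemon on the server already opens the SSH port for that sequence.

```shell
#!/bin/sh
# Added example: ProxyCommand helper that knocks, then hands the TCP stream to ssh.
# Matching ~/.ssh/config entry (host alias, address and ports are constructed):
#   Host myvps
#       HostName vps.example.org
#       ProxyCommand /usr/local/bin/knock-proxy %h %p 7000 8000 9000

NC="${NC:-nc}"   # netcat binary; overridable so the logic can be dry-run

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# knock_proxy HOST SSH_PORT KNOCK_PORT...
knock_proxy() {
    [ "$#" -ge 3 ] || { echo "usage: knock-proxy host port knock..." >&2; return 2; }
    host=$1 ssh_port=$2
    shift 2
    for p in "$ssh_port" "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 2; }
    done
    for p in "$@"; do
        # -z: connect without sending data, -w 1: give up after one second.
        # A refused or timed-out connect is expected; the SYN is the knock.
        "$NC" -z -w 1 "$host" "$p" >/dev/null 2>&1 || true
    done
    # Replace this process with netcat so ssh talks to sshd over its stdio.
    exec "$NC" "$host" "$ssh_port"
}

# Run only when installed under the name used in the ssh config above.
case "${0##*/}" in
    knock-proxy) knock_proxy "$@" ;;
esac
```

Because ssh expands `%h` and `%p` itself, anything that connects through the ssh client and reads `~/.ssh/config`, Ansible included, picks up the knock without changes on its side.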