Hundreds of failed login attempts: Is that normal?
Is this normal?
Yes. This is happening all the time.
What is it likely to be caused by?
Bots trying to get access to your system. If they are successful, they might abuse your system to do the same thing to other machines.
Is there anything to worry about?
In a nutshell: If you have disabled password-based login, then no.
Are there any steps I should take to reduce these attempts?
You can use something like fail2ban.
Yes, I'd be more concerned if you didn't.
It's a good idea to...
- change your ssh port (common)
- drop packets from unknown IP addresses if you have a reliable source range.
- add multi-factor authentication
- port knocking
- scheduled firewall/service (only run ssh when you need it, emergency access via console)
- install fail2ban to reduce repeat offenders
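
An added example, not part of either answer above and not fail2ban's own code: a simplified sketch of the idea behind the fail2ban suggestion, counting failed SSH password attempts per source address inside a sliding time window. The log lines are constructed samples in the common OpenSSH syslog format, and the threshold, window length and year are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range IP addresses, made-up users).
SAMPLE_LOG = """\
Mar 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 03:12:04 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar 10 03:12:09 host sshd[815]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Mar 10 03:13:30 host sshd[820]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
Mar 10 03:20:00 host sshd[830]: Failed password for alice from 198.51.100.20 port 51600 ssh2
Mar 10 04:40:00 host sshd[901]: Failed password for root from 192.0.2.55 port 33000 ssh2
Mar 10 05:55:00 host sshd[950]: Failed password for root from 192.0.2.55 port 33010 ssh2
Mar 10 07:10:00 host sshd[990]: Failed password for root from 192.0.2.55 port 33020 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2024):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        # Classic syslog timestamps omit the year; it is supplied as an assumption.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when:%H:%M:%S}")
```

The slow source (192.0.2.55) stays under the threshold because its failures are spread wider than the window, which is why rate-based banning reduces repeat offenders rather than replacing key-only login.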