Is someone bruteforcing my password? sshd: unknown [net] and sshd: [accepted] flashing in htop

Solution 1:

  1. Check your /var/log/auth.log
  2. Install fail2ban and autoban ssh bruteforcers. You can edit /etc/fail2ban/jail.conf:

    [ssh]
    
    enabled = true
    port    = 22
    filter  = sshd
    logpath  = /var/log/auth.log
    bantime = -1
    maxretry = 5
    

Solution 2:

Check your /var/log/auth.log you should see a high number of failed attempts if someone is trying to attack you. It's commonly known as Internet Background noise.

You can install a a host based intrusion detection system like OSSEC and enable the active response to temporarily block offending IP addresses.

Tags:

Ssh

Vps