Is someone bruteforcing my password? sshd: unknown [net] and sshd: [accepted] flashing in htop
Solution 1:
- Check your /var/log/auth.log
Install fail2ban and autoban ssh bruteforcers. You can edit /etc/fail2ban/jail.conf:
[ssh] enabled = true port = 22 filter = sshd logpath = /var/log/auth.log bantime = -1 maxretry = 5
Solution 2:
Check your /var/log/auth.log
you should see a high number of failed attempts if someone is trying to attack you. It's commonly known as Internet Background noise.
You can install a a host based intrusion detection system like OSSEC and enable the active response to temporarily block offending IP addresses.