I have a #question about #fail2ban, #YunoHost and #SSH, of course running on a #Linux host.
I get this diagnosis mail daily (or more frequent) with failed login attempts via SSH (see message below), I think it is not unusual to have many failed login attempts, I checked fail2ban is running. On other servers I get one failed login per second, I don't run fail2ban on these (as I don't give a fuck, hackers can just switch through #tor circuits to get not banned).
So I also run some #Tor exit and the SSH login attempt with wrong user/password is the most common abuse complaints I get there. (Note: Please do not send out abuse complaints for this or filter out Tor Exits, there is blacklists that contain all Exits. It is just your ticket system talking to my ticket system offering to block access to your servers IP, which would not help to solve your problem anyway)
So what do I do about the failed logins, why is Yunohosts threshold so low that it complains about that?
Should I switch to a not standard port? Login by SSH is only allowed key based, so guessing the password would not work.
What do I do?
Message:
[WARNING] There's been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in https://yunohost.org/security.