I have been getting this message from Automatic Diagnosis for a few days now:
[WARNING] There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in Security | Yunohost Documentation.
I have not changed anything manually.
How can I go troubleshooting?
My YunoHost server
Hardware: VPS bought online YunoHost version: 4.3.4.1 I have access to my server : Through SSH Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
A robot try to brute force the ssh connexion on your server, don’t fear it’s very common. If you have a good password (at least 12 chars) and fail2ban activated you are safe
You can change the port number for ssh:
yunohost settings set security.ssh.port -v 2222
After that don’t close your console and try with an other one to log in ssh with the port 2222. If itworks you can close all console
Since a couple of weeks now(yunohost 4.3?) i get the same warning. When I look at the logs it seems to be true.
When I follow the advise for passwordless ssh with certificate concerning security in yunohost documentation I have to change the “PasswordAuthentication” from yes to no.
This action solves the problem with too many authentication failures.
But next day I get the warning-message, that the sshd_config was changed and there could be problems in the future when updates would not touch the sshd_config.
What to do? I set the last warning to ignore, but I have no good feeling that way.
Error after: yunohost settings set security.ssh.password_authentication -v no
Der Schlüssel’security.ssh.password_authentication’ existiert nicht in den globalen Einstellungen, du kannst alle verfügbaren Schlüssel sehen, indem du ‘yunohost settings list’ ausführst