I have been getting this message from Automatic Diagnosis for a few days now:
[WARNING] There’s been a suspiciously high number of authentication failures recently. You may want to make sure that fail2ban is running and is correctly configured, or use a custom port for SSH as explained in Security | Yunohost Documentation.
I have not changed anything manually.
How can I go troubleshooting?
My YunoHost server
Hardware: VPS bought online YunoHost version: 126.96.36.199 I have access to my server : Through SSH Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
Since a couple of weeks now(yunohost 4.3?) i get the same warning. When I look at the logs it seems to be true.
When I follow the advise for passwordless ssh with certificate concerning security in yunohost documentation I have to change the “PasswordAuthentication” from yes to no.
This action solves the problem with too many authentication failures.
But next day I get the warning-message, that the sshd_config was changed and there could be problems in the future when updates would not touch the sshd_config.
What to do? I set the last warning to ignore, but I have no good feeling that way.