Improve Security SSH

Hardware: dedicated Server
YunoHost version: 11.1.19
I have access to my server: ssh

Hello, I would like to improve the security of my SSH connection.
I have pasted my log … What should I do?

2023-05-19 23:56:20,857 fail2ban.actions        [6685]: NOTICE  [sshd] Ban 218.92.0.113
2023-05-19 23:56:20,864 fail2ban.filter         [6685]: INFO    [recidive] Found 218.92.0.113 - 2023-05-19 23:56:20
2023-05-19 23:56:22,520 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.113 - 2023-05-19 23:56:22
2023-05-20 00:01:50,438 fail2ban.actions        [6685]: NOTICE  [sshd] Unban 218.92.0.25
2023-05-20 00:06:19,354 fail2ban.actions        [6685]: NOTICE  [sshd] Unban 218.92.0.113
2023-05-20 00:06:29,745 fail2ban.filter         [6685]: INFO    [pam-generic] Found 218.92.0.34 - 2023-05-20 00:06:29
2023-05-20 00:06:33,047 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.34 - 2023-05-20 00:06:32
2023-05-20 00:06:36,254 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.34 - 2023-05-20 00:06:35
2023-05-20 00:06:38,859 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.34 - 2023-05-20 00:06:38
2023-05-20 00:06:42,818 fail2ban.filter         [6685]: INFO    [pam-generic] Found 218.92.0.34 - 2023-05-20 00:06:42
2023-05-20 00:06:45,471 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.34 - 2023-05-20 00:06:45
2023-05-20 00:06:49,478 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.34 - 2023-05-20 00:06:49
2023-05-20 00:06:51,482 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.34 - 2023-05-20 00:06:51
2023-05-20 00:37:37,063 fail2ban.filter         [6685]: INFO    [pam-generic] Found 218.92.0.98 - 2023-05-20 00:37:36
2023-05-20 00:37:38,442 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:37:38
2023-05-20 00:37:41,059 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:37:40
2023-05-20 00:37:45,066 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:37:45
2023-05-20 00:37:48,804 fail2ban.filter         [6685]: INFO    [pam-generic] Found 218.92.0.98 - 2023-05-20 00:37:48
2023-05-20 00:37:50,678 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:37:50
2023-05-20 00:37:52,683 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:37:52
2023-05-20 00:37:55,889 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:37:55
2023-05-20 00:37:59,162 fail2ban.filter         [6685]: INFO    [pam-generic] Found 218.92.0.98 - 2023-05-20 00:37:58
2023-05-20 00:38:01,700 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:38:01
2023-05-20 00:38:04,906 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:38:04
2023-05-20 00:38:08,112 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:38:07
2023-05-20 01:16:02,828 fail2ban.filter         [6685]: INFO    [pam-generic] Found 80.94.95.18 - 2023-05-20 01:16:02
2023-05-20 01:16:02,968 fail2ban.filter         [6685]: INFO    [sshd] Found 80.94.95.18 - 2023-05-20 01:16:02
2023-05-20 01:16:04,973 fail2ban.filter         [6685]: INFO    [sshd] Found 80.94.95.18 - 2023-05-20 01:16:04
2023-05-20 05:59:06,638 fail2ban.filter         [6685]: INFO    [pam-generic] Found 80.94.95.18 - 2023-05-20 05:59:06
2023-05-20 05:59:06,750 fail2ban.filter         [6685]: INFO    [sshd] Found 80.94.95.18 - 2023-05-20 05:59:06
2023-05-20 05:59:08,755 fail2ban.filter         [6685]: INFO    [sshd] Found 80.94.95.18 - 2023-05-20 05:59:08
2023-05-20 07:05:35,201 fail2ban.filter         [6685]: INFO    [sshd] Found 176.111.173.193 - 2023-05-20 07:05:34
2023-05-20 07:05:35,202 fail2ban.filter         [6685]: INFO    [sshd] Found 176.111.173.193 - 2023-05-20 07:05:34
2023-05-20 07:05:37,970 fail2ban.filter         [6685]: INFO    [pam-generic] Found 176.111.173.193 - 2023-05-20 07:05:37
2023-05-20 07:05:40,411 fail2ban.filter         [6685]: INFO    [sshd] Found 176.111.173.193 - 2023-05-20 07:05:40
2023-05-20 07:05:46,621 fail2ban.filter         [6685]: INFO    [sshd] Found 176.111.173.193 - 2023-05-20 07:05:46
2023-05-20 07:44:20,125 fail2ban.filter         [6685]: INFO    [pam-generic] Found 91.165.73.80 - 2023-05-20 07:44:20
2023-05-20 07:44:20,579 fail2ban.filter         [6685]: INFO    [pam-generic] Found 91.165.73.80 - 2023-05-20 07:44:20
2023-05-20 07:47:10,735 fail2ban.filter         [6685]: INFO    [sshd] Found 200.148.163.123 - 2023-05-20 07:47:10
2023-05-20 07:47:11,263 fail2ban.filter         [6685]: INFO    [pam-generic] Found 200.148.163.123 - 2023-05-20 07:47:11
2023-05-20 07:47:13,341 fail2ban.filter         [6685]: INFO    [sshd] Found 200.148.163.123 - 2023-05-20 07:47:12
2023-05-20 07:59:15,911 fail2ban.filter         [6685]: INFO    [pam-generic] Found 216.20.128.186 - 2023-05-20 07:59:15
2023-05-20 07:59:18,589 fail2ban.filter         [6685]: INFO    [sshd] Found 216.20.128.186 - 2023-05-20 07:59:18
2023-05-20 07:59:27,084 fail2ban.filter         [6685]: INFO    [pam-generic] Found 216.20.128.186 - 2023-05-20 07:59:27
2023-05-20 07:59:29,807 fail2ban.filter         [6685]: INFO    [sshd] Found 216.20.128.186 - 2023-05-20 07:59:29
2023-05-20 07:59:35,897 fail2ban.filter         [6685]: INFO    [pam-generic] Found 216.20.128.186 - 2023-05-20 07:59:35
2023-05-20 07:59:38,222 fail2ban.filter         [6685]: INFO    [sshd] Found 216.20.128.186 - 2023-05-20 07:59:37
2023-05-20 07:59:45,241 fail2ban.filter         [6685]: INFO    [pam-generic] Found 216.20.128.186 - 2023-05-20 07:59:45
2023-05-20 07:59:47,637 fail2ban.filter         [6685]: INFO    [sshd] Found 216.20.128.186 - 2023-05-20 07:59:47
2023-05-20 07:59:54,758 fail2ban.filter         [6685]: INFO    [pam-generic] Found 216.20.128.186 - 2023-05-20 07:59:54
2023-05-20 07:59:56,852 fail2ban.filter         [6685]: INFO    [sshd] Found 216.20.128.186 - 2023-05-20 07:59:56

1 Like

Hello, and welcome!

Can you be more specific about what irks you in this log? All I see is a well functioning Fail2ban that detects brute-force attempts and bans IPs, as it should do.

If you want more tips, you can check out our documentation, Security | Yunohost Documentation (though I suggest not disabling the API).

1 Like
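A way to read the log the way the reply above does, as an added example (not part of the original thread, nor code from YunoHost or Fail2ban): it parses Fail2ban log lines, counts `Found` events per address and jail, groups sources by /24, and pairs `Ban`/`Unban` lines to measure how long a ban lasted. The `summarize` function and the /24 grouping are assumptions made for the illustration; the sample lines are copied from the log in the first post.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_network

# Short excerpt copied from the log posted above (not the full log).
SAMPLE = """\
2023-05-19 23:56:20,857 fail2ban.actions        [6685]: NOTICE  [sshd] Ban 218.92.0.113
2023-05-19 23:56:20,864 fail2ban.filter         [6685]: INFO    [recidive] Found 218.92.0.113 - 2023-05-19 23:56:20
2023-05-20 00:06:19,354 fail2ban.actions        [6685]: NOTICE  [sshd] Unban 218.92.0.113
2023-05-20 00:06:29,745 fail2ban.filter         [6685]: INFO    [pam-generic] Found 218.92.0.34 - 2023-05-20 00:06:29
2023-05-20 00:06:33,047 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.34 - 2023-05-20 00:06:32
2023-05-20 00:37:38,442 fail2ban.filter         [6685]: INFO    [sshd] Found 218.92.0.98 - 2023-05-20 00:37:38
2023-05-20 01:16:02,968 fail2ban.filter         [6685]: INFO    [sshd] Found 80.94.95.18 - 2023-05-20 01:16:02
"""

# timestamp, component, pid, level, [jail], event, IPv4 address (IPv6 is not handled here)
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+"
    r"\w+\s+\[(?P<jail>[\w-]+)\]\s+(?P<event>Found|Ban|Unban)\s+(?P<ip>\d+(?:\.\d+){3})"
)

def summarize(log_text):
    """Return (found per ip/jail, ips per /24, ban duration in seconds per (jail, ip))."""
    found = defaultdict(Counter)
    nets = defaultdict(set)
    open_bans, ban_seconds = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a Found/Ban/Unban line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip, jail, event = m["ip"], m["jail"], m["event"]
        nets[str(ip_network(f"{ip}/24", strict=False))].add(ip)
        if event == "Found":
            # In the recidive jail a "Found" is a match on an earlier Ban line.
            found[ip][jail] += 1
        elif event == "Ban":
            open_bans[(jail, ip)] = ts
        elif (jail, ip) in open_bans:  # Unban that closes a ban seen in this log
            ban_seconds[(jail, ip)] = int((ts - open_bans.pop((jail, ip))).total_seconds())
    return found, nets, ban_seconds

if __name__ == "__main__":
    found, nets, ban_seconds = summarize(SAMPLE)
    for net, ips in sorted(nets.items()):
        print(net, sorted(ips))
    for (jail, ip), secs in ban_seconds.items():
        print(f"[{jail}] {ip} was banned for {secs} s")
```

On this excerpt the sshd ban of 218.92.0.113 lasts 599 seconds, and three of the four source addresses fall in 218.92.0.0/24.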

Ok, thanks for your reply. I followed the advice from the security documentation.
I have now created my SSH key pair and fail2ban calmed down 🙂
But now I see this:

May 20 10:30:03 sd-106295 postfix/submission/smtpd[65166]: warning: hostname wftday.poppopprision.com does not resolve to address 141.98.11.29: Name or service not known
May 20 10:30:03 sd-106295 postfix/submission/smtpd[65166]: connect from unknown[141.98.11.29]
May 20 10:30:07 sd-106295 postfix/submission/smtpd[65166]: Anonymous TLS connection established from unknown[141.98.11.29]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 20 10:30:10 sd-106295 postfix/submission/smtpd[65166]: warning: unknown[141.98.11.29]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 20 10:30:10 sd-106295 postfix/submission/smtpd[65166]: disconnect from unknown[141.98.11.29] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
May 20 10:31:23 sd-106295 postfix/submission/smtpd[65166]: warning: hostname livehh.poppopprision.com does not resolve to address 141.98.11.52: Name or service not known
May 20 10:31:23 sd-106295 postfix/submission/smtpd[65166]: connect from unknown[141.98.11.52]
May 20 10:31:27 sd-106295 postfix/submission/smtpd[65166]: Anonymous TLS connection established from unknown[141.98.11.52]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 20 10:31:30 sd-106295 postfix/submission/smtpd[65166]: warning: unknown[141.98.11.52]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 20 10:31:30 sd-106295 postfix/submission/smtpd[65166]: disconnect from unknown[141.98.11.52] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
May 20 10:31:31 sd-106295 postfix/submission/smtpd[65166]: warning: hostname pirate-classify.themedestiny.com does not resolve to address 141.98.11.65: Name or service not known
May 20 10:31:31 sd-106295 postfix/submission/smtpd[65166]: connect from unknown[141.98.11.65]
May 20 10:31:35 sd-106295 postfix/submission/smtpd[65166]: Anonymous TLS connection established from unknown[141.98.11.65]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 20 10:31:38 sd-106295 postfix/submission/smtpd[65166]: warning: unknown[141.98.11.65]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 20 10:31:38 sd-106295 postfix/submission/smtpd[65166]: disconnect from unknown[141.98.11.65] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
May 20 10:32:04 sd-106295 postfix/submission/smtpd[65166]: warning: hostname grieving.medyamol.com does not resolve to address 141.98.11.67
May 20 10:32:04 sd-106295 postfix/submission/smtpd[65166]: connect from unknown[141.98.11.67]
May 20 10:32:08 sd-106295 postfix/submission/smtpd[65166]: Anonymous TLS connection established from unknown[141.98.11.67]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 20 10:32:11 sd-106295 postfix/submission/smtpd[65166]: warning: unknown[141.98.11.67]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 20 10:32:11 sd-106295 postfix/submission/smtpd[65166]: disconnect from unknown[141.98.11.67] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
May 20 10:35:21 sd-106295 postfix/submission/smtpd[65171]: warning: hostname srv-141-98-10-109.serveroffer.net does not resolve to address 141.98.10.109: Name or service not known
May 20 10:35:21 sd-106295 postfix/submission/smtpd[65171]: connect from unknown[141.98.10.109]
May 20 10:35:25 sd-106295 postfix/submission/smtpd[65171]: Anonymous TLS connection established from unknown[141.98.10.109]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 20 10:35:27 sd-106295 postfix/submission/smtpd[65171]: warning: unknown[141.98.10.109]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 20 10:35:27 sd-106295 postfix/submission/smtpd[65171]: disconnect from unknown[141.98.10.109] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5
May 20 10:35:45 sd-106295 postfix/submission/smtpd[65171]: warning: hostname srv-91-224-92-22.serveroffer.net does not resolve to address 91.224.92.22: Name or service not known
May 20 10:35:45 sd-106295 postfix/submission/smtpd[65171]: connect from unknown[91.224.92.22]
May 20 10:35:49 sd-106295 postfix/submission/smtpd[65171]: Anonymous TLS connection established from unknown[91.224.92.22]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 20 10:35:52 sd-106295 postfix/submission/smtpd[65171]: warning: unknown[91.224.92.22]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
May 20 10:35:52 sd-106295 postfix/submission/smtpd[65171]: disconnect from unknown[91.224.92.22] ehlo=2 starttls=1 auth=0/1 quit=1 commands=4/5

1 Like

Ok, sorry … I completely read the doc about security … and now it’s ok … Thanks for all that you do!
I love it!

2 Likes
