Normally when an ssh login fails, it does so after the password attempt so no clue is given about which step failed. I would assume any type of RBL blocking would do the same, along with any available plugins that would ban based on a given username attempt?
One good thing though… I just realized fail2ban actually has a rule for blocking based on invalid user names, so I need to update my settings to make use of that filter. That will likely take care of the large number of attempts I’m seeing since I do see a number of IPs being used over and over.
Eh, those attempts are just noise anyway. Use proper pubkey auth instead of normal passwords and you’ll be fine. Any key size is probably enough to prevent successful bruteforce attacks. Anything above 2048 and there’s basically no chance for them to guess right within several years of constant trying. Most bots move along quickly as well, they try their predefined list of (common usernames) x (common passwords) and that’s it.
Install endlessh, an ssh tar pit, if you want to make their lives a little more annoying. Use a non-standard port if your OCD can’t stand the slowly filling auth attempt logs.
Normally when an ssh login fails, it does so after the password attempt so no clue is given about which step failed. I would assume any type of RBL blocking would do the same, along with any available plugins that would ban based on a given username attempt?
One good thing though… I just realized fail2ban actually has a rule for blocking based on invalid user names, so I need to update my settings to make use of that filter. That will likely take care of the large number of attempts I’m seeing since I do see a number of IPs being used over and over.
Eh, those attempts are just noise anyway. Use proper pubkey auth instead of normal passwords and you’ll be fine. Any key size is probably enough to prevent successful bruteforce attacks. Anything above 2048 and there’s basically no chance for them to guess right within several years of constant trying. Most bots move along quickly as well, they try their predefined list of (common usernames) x (common passwords) and that’s it.
Install endlessh, an ssh tar pit, if you want to make their lives a little more annoying. Use a non-standard port if your OCD can’t stand the slowly filling auth attempt logs.