Introduction
I’m sure most of you have experienced this scenario : A server is put online, and although you’ve secured it properly, you still see people attempting to brute force attack your server by attempting to login via SSH.
sshd[25808]: input_userauth_request: invalid user ubnt [preauth]
sshd[25808]: Received disconnect from 91.224.161.103: 11: [preauth]
sshd[25810]: Invalid user test from 91.224.161.103
sshd[25810]: input_userauth_request: invalid user test [preauth]
sshd[25810]: Received disconnect from 91.224.161.103: 11: [preauth]
sshd[25812]: Invalid user tech from 91.224.161.103
sshd[25812]: input_userauth_request: invalid user tech [preauth]
sshd[25812]: Received disconnect from 91.224.161.103: 11: [preauth]
sshd[25814]: Received disconnect from 91.224.161.103: 11: [preauth]
Although you’ve setup your server to only allow SSH key based authentication (and as such nobody can login with a password), people are still trying to find their way in. You can dramatically recude these number of attacks by switching your SSH daeon to a non standard port.
In this post, I’ll show you how to change that port,