🐈⬛David Sommerseth
@dazo@infosec.exchange
F/OSS hacker, mostly working on #OpenVPN - speaks only for himself. "Don't aim to be someone. DO something." #nobridge - because I believe in the real #fediverse, and I don't want my own views/data to be abused by yet another "closed-service which can do whatever it wants for profit".

**BEWARE:** Someone has created a Twitter profile in my name: https://twitter.com/DavidSommerseth - this is ***not*** me

**If you want to follow me**, you now **MUST** have some content on your profile where we have some common ground on interests. I will no longer accept random profiles wanting to follow with no toots or no other follows or followers in the same interest sphere.
I always remap my sshd daemon to listen on a non-standard port, to reduce a lot of noise. Which has worked fine for years. But every now and then there are attempts. All the #Linux kernel flaws found lately have made remote login attempts more interesting for attackers. And they scan much more broadly now than just port 22.
And that's why my second line of defence is to disallow remote root login - and also make use of the AllowGroups feature in sshd_config. Users granted remote access must be a member of a specific group. And root is also excluded from this group.
That pays off these days. And this is a nice filter match for #fail2ban and similar tools.
https://termbin.com/0cf6
I have 293 login attempts on "random users" since May 21. And 259 attempts as root.
#infosec #ssh #sshd #systemhardening #kernel
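The kind of matching and counting the post describes, as an added example that is not part of the original post and not the filter behind the termbin link: it matches the messages sshd logs for an AllowGroups rejection and for an unknown user, then splits the attempts into root and other users. The log lines are constructed, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format (documentation IPs, invented users).
SAMPLE_LOG = """\
May 21 03:12:01 host sshd[1201]: User root from 203.0.113.7 not allowed because none of user's groups are listed in AllowGroups
May 21 03:12:09 host sshd[1203]: Invalid user oracle from 203.0.113.7 port 40122
May 22 11:40:55 host sshd[1377]: User backup from 198.51.100.23 not allowed because none of user's groups are listed in AllowGroups
May 22 11:41:02 host sshd[1379]: User root from 198.51.100.23 not allowed because none of user's groups are listed in AllowGroups
May 23 08:00:13 host sshd[1502]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2
May 23 19:27:44 host sshd[1644]: Invalid user admin from 203.0.113.7 port 40388
"""

# Both patterns are anchored to the syslog prefix and the end of the line, so
# text placed inside an attacker-chosen user name cannot pass as a log message.
PREFIX = r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: "
# Existing account that is not in the group named by AllowGroups.
NOT_ALLOWED = re.compile(
    PREFIX + r"User (?P<user>\S+) from (?P<ip>\S+) not allowed because "
    r"none of user's groups are listed in AllowGroups$")
# Account name that does not exist on the host.
INVALID_USER = re.compile(
    PREFIX + r"Invalid user (?P<user>\S*) from (?P<ip>\S+) port \d+$")


def summarize(log_text):
    """Count rejected attempts as root vs. other users, and per source address."""
    kinds, sources = Counter(), Counter()
    for line in log_text.splitlines():
        m = NOT_ALLOWED.match(line) or INVALID_USER.match(line)
        if not m:
            continue  # accepted logins and unrelated messages are ignored
        kinds["root" if m["user"] == "root" else "other"] += 1
        sources[m["ip"]] += 1
    return kinds, sources


def offenders(sources, threshold=3):
    """Addresses with at least `threshold` rejections (threshold is an assumption)."""
    return sorted(ip for ip, count in sources.items() if count >= threshold)


if __name__ == "__main__":
    kinds, sources = summarize(SAMPLE_LOG)
    print(dict(kinds), offenders(sources))
```

User names containing spaces are deliberately left unmatched rather than guessed at, which is the safer failure for anything that feeds a ban list.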