Normal? It seems like a lot..
Pretty common on some web hosts. Centmin Mod CSF Firewall's Login Failure Daemon (LFD) blocks them all: CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS

The cminfo netstat command in Centmin Mod 123.09beta01 and newer can also provide login failure stats, outlined at "Upgrade - Nginx - Redis - Insight Guide - cminfo command explained" and "Beta Branch - update cminfo command with netstat flag option".

Code (Text):

    Top CSF Firewall Denied Distributed sshd Attacks:
    38 CN China -
    14 VN Vietnam static.vnpt.vn
    12 US United States -
    12 KR Republic of Korea -
    6 ID Indonesia -
    5 VN Vietnam -
    5 IN India -
    4 RU Russia -
    3 NL Netherlands -
    2 SG Singapore -

    Top CSF Firewall Failed SSH Logins:
    45 CN China -
    15 KR Republic of Korea -
    8 US United States -
    4 VN Vietnam -
    4 NL Netherlands -
    3 RU Russia -
    3 IN India -
    2 HK Hong Kong -
    2 DE Germany -
    1 ZA South Africa 169-1-195-180.ip.afrihost.co.za

Code (Text):

    Last 24hrs Top CSF Firewall Denied Country Codes:
    8 CN
    6 US
    3 VN
    1 SG
    1 RU
    1 NL
    1 KR
    1 IT
    1 IN
    1 IL

    Last 24hrs Top CSF Firewall Denied Country Codes + Reverse Lookups:
    8 CN China -
    6 US United States -
    3 VN Vietnam static.vnpt.vn
    1 SG Singapore -
    1 RU Russia -
    1 NL Netherlands -
    1 KR Republic of Korea -
    1 IT Italy host1-109-static.3-79-b.business.telecomitalia.it
    1 IN India -
    1 IL Israel bzq-109-64-134-114.red.bezeqint.net
Yup, can do that too. centmin.sh menu option 16 will prompt for the default existing sshd port number, which you enter as 22 on default systems, and then prompt for your desired new sshd port number. It then automatically adjusts the CSF Firewall and sshd port configurations for the new changes.
Would you say it's also good to disable root login and only allow pubkey auth after the initial CMM install? (I remember the first/initial install needs to be done as root.) So we could install CMM and then harden SSH a bit? Or is it enough to change the port from menu option 16 and forget about it?
Centmin Mod 123.09beta01 and higher supports sudo user only after initial install for centmin.sh. 123.08stable doesn't.

Before you look into ssh key only (+ disable password authentication), make sure your web host is set up with features that allow you to regain access to your server if you ever lose your ssh key's private key, and that you know how to use those features to regain access. If you don't know how to use those features, set up a test instance/VPS with that web host and test it out. If you're with a web host with hourly billed VPSes like Linode, DigitalOcean, and Vultr, then it is relatively cheap to test out for a few hours on a test VPS.

Here's an example text you can use to ask your web host to be sure

There are numerous how to use ssh key login guides online, but not many go beyond that to explain what to do if you lose your ssh private key and are unable to use password logins. And that can come down to your web host and what measures they have in place, i.e. out of band console access etc. and recovery ISOs/CDs available.

And some relevant guides with different web hosts about setting up SSH key authentication and also about recovery, as well as general need to know info.

DigitalOcean
    Has out of band console access
    How To Use SSH Keys with DigitalOcean Droplets | DigitalOcean
    How To Recover from File System Corruption Using Fsck and a Recovery ISO | DigitalOcean. Just the part about using Console but not the Fsck and file system recovery steps. Don't need to do that just to get ssh access when you lose normal ssh access to your server, i.e. lose the ssh private key for ssh public key authentication.

Linode
    Has out of band console access called Lish
    Use Public Key Authentication with SSH
    Using the Linode Shell (Lish)

Vultr
    Has out of band console access
    How Do I Generate SSH Keys? - Vultr.com
    Access Single User Mode (Reset Root Password) - Vultr.com
    Using Finnix Rescue CD to Rescue, Repair, or Backup Your Linux System - Vultr.com

OVH
    Installation of OVH SSH key — OVH Documentation 0.0.1 documentation
    SSH key for Public Cloud — OVH Documentation 0.0.1 documentation
    Creating SSH keys - OVH
    Replacing your lost SSH key pair - OVH
    Become root and select a password - OVH

RamNode
    How do I add an SSH key to my VPS? - Knowledgebase - RamNode

Others
    Finnix Recovery CD - Mammoth Cloud
Asking a simple question and eva comes with tons of information and a detailed answer, that's why I simply can't go away from CentOS with CMM, even though I was a Debian guy. What if eva is just an AI?
I'm glad you brought that up, this server is on Linode, so I think I'll actually disable pw login just for security reasons!
Sort of a habit from working in tech support for over a decade - the aim is to provide a solution/answer in the least amount of replies.

I'd double check and test on a test Linode first before doing it on production/live servers, just to make sure, i.e. disable password login on the test Linode and try using the Lish out of band console to get back in.
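
The hardening steps discussed in this thread (non-default port, no root login, key-only auth) can be checked against a copy of sshd_config before you close your working session. This is an added example, not part of the thread and not Centmin Mod code; the function names and the sample config are constructed for illustration.

```shell
# Added example. For most keywords sshd keeps the FIRST value it reads, so a
# later duplicate line does not override an earlier one. Match blocks are
# conditional overrides, so parsing stops at the first one (global part only).
sshd_effective() {  # usage: sshd_effective <config-file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/^[ \t]+/, "")
            if ($0 == "" || $0 ~ /^#/) next
            key = $0; sub(/[ \t=].*$/, "", key); key = tolower(key)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

audit_sshd() {  # usage: audit_sshd <config-file>; prints one finding per line
    root=$(sshd_effective "$1" PermitRootLogin)
    pass=$(sshd_effective "$1" PasswordAuthentication)
    port=$(sshd_effective "$1" Port)
    [ "$root" = no ] && echo "OK   PermitRootLogin no" \
        || echo "WARN PermitRootLogin=$root (direct root login not fully disabled)"
    [ "$pass" = no ] && echo "OK   PasswordAuthentication no" \
        || echo "WARN PasswordAuthentication=$pass (password guessing still possible)"
    case $port in
        unset|22) echo "INFO Port=$port (default port, expect scanner noise)" ;;
        *)        echo "OK   Port $port" ;;
    esac
}

# Constructed sample config (hypothetical values, not from the thread).
write_sample() {
    cat > "$1" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication yes
# this later line is ignored: the first value above wins
PasswordAuthentication no
Match User deploy
    PermitRootLogin yes
EOF
}
sample=$(mktemp); write_sample "$sample"; audit_sshd "$sample"; rm -f "$sample"
```

On a live server, `sshd -T` (run as root) prints the configuration sshd actually resolved, which is the authoritative check before you log out of your existing session.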