Silly me. I login to my hosted webserver through ssh to edit pages and all that fun stuff. Of course I have that locked down: only one user is listed in AllowUsers and that user has to use public key authentication (see SSH passphrases and keys).
That doesn't stop people from trying to login; it just prevents them from being able to login without knowing a lot more than most script-kiddie hackers know.
However, I realized something today that I should have realized a long time ago. The people who try to get in aren't getting in, but they are wasting system resources and they do clutter up my logs. Most hosted webservers, mine included, have some sort of web based interface that allow you to control services. Why on earth do I even have sshd turned on when I don't need it?
Duh! All I need to do is turn it on when I want to login, log in, and then immediately shut it off. That doesn't affect my current login, it just refuses future connections. No more wasted cpu for the wannabe hackers, no more silly log entries.
Of course I couldn't do that if other non-admin users needed access, but for this server, it's just me. I am the one and only legitimate user.
I'm almost tempted to reset this to "PasswordAuthentication yes" - with the other protections in place (AllowUsers, MaxStartups, etc.) and sshd only turned on for the brief time that I need to login, that could be safe enough and would certainly be convenient if I ever needed to login from somewhere without my key (I do have it on a USB stick but I don't always have that with me). I'll have to think about that - if I were forgetful and left it on, I'd be far less secure.. and I *am* forgetful! Better leave it as it is..
As you'll see in the comments, some smart folks convinced me that it makes more sense to shut off the web admin and leave ssh as it is.
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
Increase ad revenue 50-250% with Ezoic