1

Topic: How to Restrict sshd Authentication failures

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? YES
- Linux/BSD distribution name and version: Ubuntu 18.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? YES 3.4 SQL
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

In the logwatch from our server received each day we find:

--------------------- pam_unix Begin ------------------------

sshd:
   Authentication Failures:
      root (58.242.83.30): 567 Time(s)
      root (112.85.42.87): 145 Time(s)
      root (223.111.139.247): 56 Time(s)
      unknown (185.101.92.20): 55 Time(s)
      root (115.238.245.2): 54 Time(s)

I assume these are people trying to gain unauthorized access to the server.  What is the best way to stop this happening?
If I put these addresses in /etc/hosts.deny will this cause any issue for receiving emails?

Thanks,

----


2

Re: How to Restrict sshd Authentication failures

Stephen77 wrote:

What is the best way to stop this happening?

Running the ssh service on a non-standard port (22) helps A LOT. Also, disable password authentication and use only a key for login.
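
A way to check that the two settings recommended in the reply above are actually in effect, added here as an example and not part of the original thread. The function name `audit_sshd`, the sample inputs and port 2222 are constructed for illustration; the keyboard-interactive and public-key checks go slightly beyond the reply.

```shell
#!/bin/sh
# Added example. Reads "keyword value" lines in the format printed by
# `sshd -T` (effective configuration) and reports settings that still
# allow password guessing. On a real server, as root: sshd -T | audit_sshd

audit_sshd() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "port"                   { seen = 1; if (val == "22") on22 = 1 }
        key == "passwordauthentication" { pw = val }
        key == "pubkeyauthentication"   { pk = val }
        # Older OpenSSH prints challengeresponseauthentication, newer releases
        # print kbdinteractiveauthentication. Either can still prompt for a
        # password through PAM when PasswordAuthentication is "no".
        key == "kbdinteractiveauthentication" ||
        key == "challengeresponseauthentication" { if (val == "yes") kbd = 1 }
        END {
            if (pw != "no")  { print "FAIL passwordauthentication=" (pw == "" ? "unset" : pw); bad++ }
            if (kbd)         { print "FAIL keyboard-interactive=yes"; bad++ }
            # Key login must work before passwords are switched off.
            if (pk != "yes") { print "FAIL pubkeyauthentication=" (pk == "" ? "unset" : pk); bad++ }
            # A missing Port line means the default, 22.
            if (on22 || !seen) { print "WARN port=22"; warn++ }
            if (!bad && !warn) print "OK"
            exit (bad > 0)
        }'
}

# Constructed sample: password login enabled on the default port.
sample_weak() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'challengeresponseauthentication no'
}

# Constructed sample: key-only login on a non-default port (2222 is arbitrary).
sample_hardened() {
    printf '%s\n' 'port 2222' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}

echo "== weak (constructed) ==";     sample_weak     | audit_sshd || true
echo "== hardened (constructed) =="; sample_hardened | audit_sshd || true
```

The function exits non-zero when a FAIL line is printed, so it can gate a deployment or monitoring check; a port of 22 only produces a warning.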