
submitted by
Style Pass
2024-03-28 13:30:16

Anybody with an internet-facing server knows that an infinite number of IP addresses try to connect to TCP port 22. If they do connect, those IP addresses try to guess user IDs and passwords. They will not give up. I have an internet-facing server; it lives in my kitchen. I pay for business internet service from versonetworks so that I have a lot of bandwidth, and I don't have to participate in the cable/phone company internet last-mile duopoly. I recommend Verso Networks. Decent product, great customer service. They gave me an IPv6 address and I didn't even ask for it.

I feel that the usual solution to SSH scanners is to run fail2ban, which will reject and ultimately drop all packets from IP addresses that scan for SSH on TCP port 22. I think this isn't nearly aggressive enough. For a while, I turned up the PAM bad-login-timeout to about 7 seconds as per this Stack Exchange answer. It just didn't feel like I was accomplishing anything, though.
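The detection half of the fail2ban approach mentioned above, as an added sketch that is not fail2ban's own code and not from the original post: count sshd "Failed password" lines per source IP inside a sliding time window and report the addresses that cross the threshold. The log lines, the hostname `kitchen` and the function name `find_offenders` are constructed for illustration; `maxretry` and `findtime` borrow the names of the fail2ban settings, and the firewall action itself is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failed-password line as it appears in a syslog-format auth log.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Mar 28 13:30:01 kitchen sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar 28 13:30:04 kitchen sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar 28 13:30:09 kitchen sshd[2107]: Accepted publickey for alice from 198.51.100.7 port 51822 ssh2
Mar 28 13:30:12 kitchen sshd[2110]: Failed password for invalid user test from 203.0.113.5 port 40190 ssh2
Mar 28 13:31:00 kitchen sshd[2120]: Failed password for alice from 198.51.100.7 port 51900 ssh2
Mar 28 13:50:00 kitchen sshd[2200]: Failed password for root from 192.0.2.44 port 33000 ssh2
Mar 28 14:10:00 kitchen sshd[2300]: Failed password for root from 192.0.2.44 port 33010 ssh2
Mar 28 14:30:00 kitchen sshd[2400]: Failed password for root from 192.0.2.44 port 33020 ssh2
""".splitlines()


def find_offenders(lines, maxretry=3, findtime=600, year=2024):
    """Return {ip: time the threshold was crossed} for IPs with at least
    maxretry failed logins inside any findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # Classic syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[m["ip"]] = ts
    return banned


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S} ban {ip}")
```

With the default ten-minute window only the rapid guesser is reported; the address that fails once every twenty minutes is caught only when `findtime` is widened, which is the tuning trade-off of threshold-based banning.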

I installed cowrie, an SSH and telnet honeypot, and ran it for a few years. I recommend running cowrie if you want to see what kind of absolute crap internet bottom feeders do once they log in to a system with a guessed password. It became tiresome to keep up, so I quit running cowrie.
