I have recently had a huge attack from China against my servers' SSH services. I get emails every time someone gets blocked for 5 failed attempts from ConfigServer's Firewall... and over Christmas it ramped up from a few times a day to several an hour, and my mailbox is now full with almost 100 of these emails. I know I can disable the emails but no need now as the attack seems to have stopped. It also doesn't seem to be any form of DDoS attack, just brute forcing with a regular change of IPs.
I'm not an SSH person. I log in and use it but only from a cheat sheet of commands I've built up over time. I have protected my cPanel logins with cPHulk to block all countries but mine and the US (where BuycPanel's support comes from) because I don't need any countries logging in... and the WHM interface has 2FA enabled... but correct me if I'm wrong, if someone gets the password, can't they just log in to SSH without any form of country or 2FA protection? At least I can log in at home.
I believe I can turn off the password feature and use keys instead but I would prefer not. IP whitelisting my own IPs is also an option but I don't want to risk getting myself locked out. What's the next best option for securing SSH? I have a very secure password but it would be naive to say there's no risk.
Thanks!