Is this a Brute force attack

Have a look at fail2ban. I always set it up to ban IPs after multiple failed ssh login attempts.
 
1. as @Dunuin has suggested you should take a look at setting up fail2ban:
Code: 
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
that should cover the SSH port, you can also set it up for the GUI [0] in case that's exposed as well.

2. as @spirit suggested pve-firewall can be configured to only allow SSH port to be accessed by a whitelist of IP addresses (for example your home/business IP address can access it and nobody else can) [1]
for example:
Code: 
[RULES]
...
IN SSH(ACCEPT) -i net0 -source 10.0.0.1,10.0.0.2,10.0.0.3 # accept ssh for listed IPs

3. if IP whitelisting is not an option for some reason, then it can also help to move the SSH port from the default 22 to something bigger [2] (it would reduce the amount of automated bots finding your exposed SSH port).
for that you'd edit /etc/ssh/sshd_config and /etc/ssh/ssh_config and change the Port directive, followed by restarting the service: systemctl restart ssh

[0]: https://pve.proxmox.com/wiki/Fail2ban
[1]: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_rules
 
oguz said:
3. if IP whitelisting is not an option for some reason, then it can also help to move the SSH port from the default 22 to something bigger [2] (it would reduce the amount of automated bots finding your exposed SSH port).
for that you'd edit /etc/ssh/sshd_config and /etc/ssh/ssh_config and change the Port directive, followed by restarting the service: systemctl restart ssh
Click to expand...
is it supported when you have a proxmox cluster ?
I think some task like live migration still established tunnel through ssh on hardcoded port 22 ? (or maybe does it have changed recently ?)
 
spirit said:
is it supported when you have a proxmox cluster ?
Click to expand...
yes, but editing the ssh client config on the nodes to match the port is also necessary
 
  • Like
Reactions: spirit
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back