Is this a Brute force attack

kevin2001

New Member
[Attached screenshot: Schermafbeelding 2022-06-19 211150.png]
I think this is being brute forced, and how can I block this IP address and all ports?
 

Dunuin

Famous Member
Have a look at fail2ban. I always set it up to ban IPs after multiple failed ssh login attempts.
 

oguz

Proxmox Staff Member
Retired Staff
1. As @Dunuin has suggested, you should take a look at setting up fail2ban:
Code:
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
That should cover the SSH port; you can also set it up for the GUI [0] in case that's exposed as well.

2. As @spirit suggested, pve-firewall can be configured to only allow the SSH port to be accessed by a whitelist of IP addresses (for example, your home/business IP address can access it and nobody else can) [1].
For example:
Code:
[RULES]
...
IN SSH(ACCEPT) -i net0 -source 10.0.0.1,10.0.0.2,10.0.0.3 # accept ssh for listed IPs

3. If IP whitelisting is not an option for some reason, then it can also help to move the SSH port from the default 22 to something bigger [2] (it would reduce the number of automated bots finding your exposed SSH port).
For that you'd edit /etc/ssh/sshd_config and /etc/ssh/ssh_config and change the Port directive, followed by restarting the service: systemctl restart ssh

[0]: https://pve.proxmox.com/wiki/Fail2ban
[1]: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_rules
 

spirit

Famous Member
oguz said:
> 3. if IP whitelisting is not an option for some reason, then it can also help to move the SSH port from the default 22 to something bigger [2] (it would reduce the amount of automated bots finding your exposed SSH port).
> for that you'd edit /etc/ssh/sshd_config and /etc/ssh/ssh_config and change the Port directive, followed by restarting the service: systemctl restart ssh

Is it supported when you have a Proxmox cluster?
I think some tasks like live migration still establish a tunnel through SSH on hardcoded port 22? (Or maybe that has changed recently?)
 

oguz

Proxmox Staff Member
Retired Staff
spirit said:
> is it supported when you have a proxmox cluster ?

Yes, but editing the SSH client config on the nodes to match the port is also necessary.
 