Lots of SSH request from unknown IP's

[alete]

Hi, everyone, I got my debian up and running in my LattePanda. It's purpose is just experimental, I'm learning/having fun.
Today, when I was trying to learn about systemd I found that I have numerous tries to connect through SSH from IP's that I've already googled and seems like a brute force attack.
Here is my

Code: Select all

sudo journalctl | grep sshd

https://pastebin.com/ZRppGtbE

Notice that they are all from today. Should I be worry? Could it be something I triggered somehow? I cannot turn SSH off, because the system is headless. But should I do something at all?

Thanks for your advices.

[dasein]

I cannot turn SSH off, because the system is headless. But should I do something at all?

Depends on what you've already done/can do.

I'm assuming that you have some compelling reason why this machine simply must be publicly accessible. Any public-facing system will be probed for weakness(es). That's the part you can't control.

Things you can control:

• - Shut down any daemons you don't absolutely need
  - Consider using SSH keys instead of passwords
  - Strongly consider disabling root login via SSH
  - Consider port knocking

[hexadeximal]

consider using fail2ban to block IPs after a certain amount of failed ssh login attempts

[alete]

Thanks both. I'm already on it.

[alan stone]

Good practices for using ssh.
Top 20 OpenSSH Server Best Security Practices.
Defending against brute force ssh attacks.
Restricting SSH logins to particular IP addresses.