Question

Failed logins on CentOS 7

Hello community,

I have a droplet with centOS version 7. Yesterday i just logged in with SSH as root and saw that there was 6000 failed login attempt. Today i just created another droplet with centOS 7 and noticed that on the first login there was 43 failed login attempt, while that droplet was just created a few min earlier. What is this?

Subscribe
Share

I just opened a support ticket for DO on this subject. I have a VM running CentOS 7 as well and have had ~17.5k failed logins in under 12 hours. I’ll post back if I hear anything from them.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hey there,

The internet is full of bots that scan and poke IP addresses on port 22 (ssh). You can install something like fail2ban, or something similar like csf or denyhosts which will block IP’s from constantly failing to log in via SSH.

The downside to those adaptive firewalls is that you may also block yourself. So remember to try to log into the web console, or from another IP, if you are having difficulties logging in.

While it’s not more secure, changing the SSH port to an alternate port that you can easily remember will cut those log in attempts down nearly by 100%. You’d want to change the Port line in the/etc/ssh/sshd_config as follows:

Default:

#Port 22

Alternate Port Setting (choose your own port number and remove the # from the beginning):

Port 2022

You will need to restart SSH for this to take effect:

systemctl restart sshd.service

Important: be sure to open your new SSH port if you are running a software firewall. Also be sure to leave your SSH session open after restarting the SSH service and open a NEW SSH session to test the new port. If you are unable to connect, you can debug your settings from the first SSH session.

Happy coding,

Jon Schwenn Platform Support Specialist DigitalOcean