Question

Someone is trying to gain access, how do I stop it?

So I’m about a week into my first Digital Ocean droplet and my first server ever. I got a droplet mostly to learn the ropes and host a couple of services (VPN, Teamspeak, SSH). I checked out the auth.log yesterday and noticed that someone is trying to gain access to my server (I think using brute force?). This is what my auth.log file looks like, and it has been going on for two days now here. I have SSH enabled, so I’m pretty sure I am the only one who can gain access since I am the one who has the private key, but I want to know if this person who is trying to gain access can somehow get around it or if it is causing any harm to my droplet? Also, I don’t know if it helps or not, but the only user on my droplet is the root server right now and I have password authentication turned off so that you have to have the SSH key.

You’re fine. As @doyle mentioned, this kind of scanning is a regular occurrence on the public internet. Been running a personal VPS for years and my logs used to be full of failed attempts.

If you’re already using key auth only, you are fine. If you want to reduce the logs, best simple thing to do is change your port to something else. fail2ban would work here too, but changing the port is just easier.

It happens, servers are constantly scanning for SSH servers with default passwords. All you can do is change your SSH port and install fail2ban or LFD.

Thank you guys for the information, I appreciate it.
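
To check the point the answers above make (failed attempts are noise as long as the only successful logins are your own key-based ones), here is an added example that is not part of the original thread: it counts failed SSH connections per source IP and lists every accepted login with its method. The log lines are constructed samples in the usual OpenSSH auth.log wording, which varies between versions, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges), not from the asker's log.
SAMPLE_LOG = """\
Mar  3 04:11:02 droplet sshd[2101]: Invalid user admin from 203.0.113.5 port 40022
Mar  3 04:11:02 droplet sshd[2101]: Connection closed by invalid user admin 203.0.113.5 port 40022 [preauth]
Mar  3 04:11:09 droplet sshd[2105]: Failed password for root from 203.0.113.5 port 40031 ssh2
Mar  3 04:12:40 droplet sshd[2110]: Connection closed by authenticating user root 198.51.100.23 port 51515 [preauth]
Mar  3 04:13:01 droplet sshd[2114]: Invalid user test from 198.51.100.23 port 51620
Mar  3 09:30:15 droplet sshd[2250]: Accepted publickey for root from 192.0.2.10 port 50522 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  3 09:45:00 droplet CRON[2300]: pam_unix(cron:session): session opened for user root
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
IP = r"(?P<ip>[0-9a-fA-F.:]+)"
# Message shapes that indicate an unauthenticated connection gave up or failed.
FAILED = re.compile(
    r"^(?:Invalid user \S* from |Failed \S+ for (?:invalid user )?\S* from "
    r"|(?:Connection closed by|Disconnected from) (?:authenticating|invalid) user \S* )"
    + IP + r"(?: port \d+)?")
ACCEPTED = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from " + IP)

def summarize(text):
    """Return (failed connections per IP, list of accepted logins)."""
    attempts = set()  # (ip, pid): sshd forks one child per connection,
    accepted = []     # so several lines for one attempt are counted once
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an sshd line (cron, sudo, ...)
        msg = m["msg"]
        if (a := ACCEPTED.match(msg)):
            accepted.append((a["user"], a["method"], a["ip"]))
        elif (f := FAILED.match(msg)):
            attempts.add((f["ip"], m["pid"]))
    return Counter(ip for ip, _ in attempts), accepted

def non_key_logins(accepted):
    """Accepted logins that did not use a key: should be empty on a key-only server."""
    return [entry for entry in accepted if entry[1] != "publickey"]

if __name__ == "__main__":
    failures, accepted = summarize(SAMPLE_LOG)
    for ip, count in failures.most_common():
        print(f"{count:5d} failed connections from {ip}")
    for user, method, ip in accepted:
        print(f"accepted: {user} via {method} from {ip}")
    print("non-key logins:", non_key_logins(accepted) or "none")
```

On a real server, pass the contents of the auth.log file to `summarize` instead of `SAMPLE_LOG`; any accepted login you do not recognize, or any entry returned by `non_key_logins`, is what deserves attention, not the failure counts.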