Someone is trying to gain access, how do I stop it?

Posted on August 24, 2015

So i’m about a week into my first Digital Ocean droplet and my first server ever. I got a droplet mostly to learn the ropes and host a couple services (VPN, Teamspeak, SSH). I checked out the auth.log yesterday and noticed that someone is trying to gain access to my server (I think using brute force?). This is what my auth.log file looks like and has been going on for two days now here. I have SSH enabled so I’m pretty sure I am the only one who can gain access since I am the one who has the private key but I want to know if this person who is trying to gain access can somehow get around it or if it is causing any harm to my droplet? Also, I don’t know if it helps or not but the only user on my droplet is the root server right now and I have password authentication turned off so that you have to have the SSH key.

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

doyle

August 24, 2015

It happens, servers are constantly scanning for SSH servers with default passwords. All you can do is change your SSH port and install fail2ban or LFD.

Joël Dinel

August 24, 2015

You’re fine. As @doyle mentionned, this kind of scanning is a regular occurence on the public internet. Beebn running a personal VPS for years and my logs used to be full of failed attempts.

If you’re already using key auth only, you are fine. If you want to reduce the logs, best simple thing to do is change your port to something else. fail2ban would work here too, but changing the port is just easier.