By Nay
I just create a new droplet a few minutes ago, I installed nginx and setup SSH keys to conect through PuTTY, and for my surprise when I login in my SSH Console, in the message I get:
“There were 445 failed login attempts since the last successful login.”
It is very strange to me, I create my droplet a few minute ago, It will be any hacker with bruteforce trying a invasion??
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sounds like you should take care of a few things. If you are using SSH keys, remove password login. Then install Fail2ban.
in /etc/ssh/sshd_config change the following lines so they match this: ChallengeResponseAuthentication no PasswordAuthentication no
Then follow the steps in the “Configuring a Basic Firewall” section here - https://www.digitalocean.com/community/tutorials/additional-recommended-steps-for-new-ubuntu-14-04-servers
Then install Fail2ban - https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
This is all assuming you are using Ubuntu 14.04
Yes, bruteforcing SSH is very common. Disable password authentication and use public keys.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.