Why do I get so many failed accesses via SSH?

Posted on November 9, 2020

I open this debate because the truth is that I always ask myself the same thing and google does not have the answer.

Because whenever I create an instance in DigitalOcean there are constant failed accesses from different countries to my droplet? This is something that does not happen either in Linode or Vultr, in addition to OVH and other suppliers, but it only happens here.

I do not worry about the fact that they try to enter since I have perfectly configured the fail2ban and the sshd but even so it has always seemed quite strange to me this literally “DoS or DDoS” to the SSH port. Does anyone have any explanation for this? It’s pretty weird.

I doubt that the DigitalOcean monitoring service uses SSH with the VPS configuration data because despite that they are still updating.

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys

November 10, 2020

Accepted Answer

Hi @ajmusic15,

In my experience and in my eyes these connections have always been some bots trying to gain access to my system whether it’s here or on another provider. I never gave them much though despite the fact that it was pretty annoying to see once you SSH the message about a number of failed attempts. Well annoying and satisfied at the same time! :D.

Anyway, for me those are just that, bots trying to get in nothing more.

Regards, KFSys