Netgate Discussion Forum
    Firewall and SSH

      mskenderian

      I am new to pfSense. I need help regarding my logs and firewall/SSH. I think I am being attacked, but I'm not sure. I don't want to post details here; can someone PM me?

        gderf

        If you have an SSH daemon that is reachable by anyone from the internet on the standard TCP port 22, you can expect it to be brute-force password attacked on well-known user accounts.

        Is that what you are seeing?

          mskenderian

          Yes, I am. I am requiring keys now, and now I am seeing them trying to get into accounts that don't exist, like guest, user, mysql…

            mskenderian

            @gderf do you think the keys are fine, or should I disable SSH from the WAN and only allow it via VPN?

              gderf

              Keys are better than passwords but that will not stop the brute force attacks.

              guest, user, mysql, among others, are the well-known user accounts I mentioned.

              If you change the port away from TCP 22 you will almost certainly reduce the attacks, quite possibly eliminate them altogether. I'm sure someone will say that this suggestion is "security by obscurity" and that it doesn't work. But if you want your log file quieted down dramatically, changing the port will accomplish that.

              If you do not need wide open access, then by all means restrict it further.

                cmb

                Keys won't stop brute force attacks, but they make them a useless effort. I'd keep SSH restricted to a few trusted IPs at most, and require a VPN besides that. If you have to leave SSH open to the world for some reason, and don't want to deal with the log noise of idiots hammering away trying passwords on something that doesn't accept passwords, put it on a different port.

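
An added example, not part of the thread or of pfSense: a small Python summary of sshd log lines that separates probing of non-existent accounts (guest, user, mysql) from password attempts and from logins that actually succeeded. The log lines are constructed and assume standard OpenSSH message wording; `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH sshd log format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:14:01 fw sshd[4011]: Invalid user guest from 203.0.113.5 port 51234
Jan 10 03:14:01 fw sshd[4011]: Connection closed by invalid user guest 203.0.113.5 port 51234 [preauth]
Jan 10 03:14:09 fw sshd[4013]: Invalid user mysql from 203.0.113.5 port 51301
Jan 10 03:15:22 fw sshd[4020]: Invalid user user from 198.51.100.77 port 40022
Jan 10 03:15:24 fw sshd[4020]: Failed password for invalid user user from 198.51.100.77 port 40022 ssh2
Jan 10 03:15:40 fw sshd[4022]: Failed password for root from 198.51.100.77 port 40100 ssh2
Jan 10 08:02:11 fw sshd[4100]: Accepted publickey for admin from 192.0.2.10 port 50522 ssh2
"""

# The username is client-supplied text, so match it greedily and anchor on the
# end of the line: the trailing "from <addr> port <n>" is what sshd appended.
INVALID = re.compile(r"sshd\[\d+\]: Invalid user (.*) from (\S+) port \d+$")
PASSWORD = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for "
                      r"(invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def summarize(lines):
    """Summarize sshd auth noise: who is probing, which names, what got in."""
    by_source, invalid_users, accepted = Counter(), Counter(), []
    password_attempts = 0
    for line in lines:
        line = line.rstrip()
        if m := INVALID.search(line):
            invalid_users[m.group(1)] += 1
            by_source[m.group(2)] += 1
        elif m := PASSWORD.search(line):
            # A key-only sshd does not offer the password method, so any hit
            # here means password authentication is still enabled.
            password_attempts += 1
            if m.group(1) == "Failed" and not m.group(2):
                by_source[m.group(4)] += 1  # invalid-user case counted above
        if m := ACCEPTED.search(line):
            accepted.append(m.groups())  # (method, user, source address)
    return {"by_source": by_source, "invalid_users": invalid_users,
            "password_attempts": password_attempts, "accepted": accepted}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a key-only setup the `password_attempts` count should stay at zero while `invalid_users` keeps growing; the `accepted` list is the part worth reading closely.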
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.