I have a server where I believe I have disabled root login via ssh. I think it is done correctly, as I cannot login with root myself via ssh, but I would've thought that it would be reflected in /var/log/auth.log. Instead, it shows up as failed password entry. Is this intended?

What I've done is to uncomment the PermitRootLogin no line in /etc/ssh/sshd_config. Rest of the config file is left at default.

Bonus question: All login attempts by ssh seems to go over some random port (even my own successful logins). Why is this?

  • cyberwolfie@lemmy.ml
    ·
    8 months ago

    Ok, thanks - so if I understand correctly then, it is listening on port 22 as a default, and not accepting traffic on any port.

    That brings of the question: wouldn't I be better off changing the SSH-port? And is that so easy as to uncomment the #Port 22 line in the config file and changing the port number to something random, and saving that somewhere? Would I then be able to connect by running ssh myuser@mydomain.com:, or would I need to do anything else to successfully connect?

    • grant 🍞@toast.ooo
      ·
      8 months ago

      It’s recommended you keep the default port because as soon as your IP is known it takes less than 5 minutes to scan every port for an ssh port

      • cyberwolfie@lemmy.ml
        ·
        8 months ago

        It’s recommended you keep the default port because as soon as your IP is known it takes less than 5 minutes to scan every port for an ssh port

        Fair point! I first thought that would be good, as it would discourage all those random connections. My guess is that they won't bother spending 5 minutes on each server, and instead just move on to the next when they fail. But then I realized that I don't really care about those anyway as they're not getting anywhere with their root:mypassword login attempts.