My home server got hit with a weird login attempt from a city I've never been to

I was checking my logs yesterday and saw a failed SSH login from an IP in Jakarta, which is wild because I live in Ohio. I had a weak password on a test account I forgot about, so I changed it and set up fail2ban right away. Has anyone else had something like this happen, and what did you do next?

4 comments

4 Comments

karencampbell11d ago

Meh, it's just script bots pinging everyone.

logan5252mo ago

Did you check if the test account was the only one with a weak password, or did you audit all your user accounts and keys? It's good you set up fail2ban, but that only stops brute force. You should also think about disabling password logins entirely and only using SSH keys.

davidkim2mo ago

Good point, I should do a full audit. SSH keys only is the move for sure.

rowanhernandez2mo ago

Yeah, and logan525 is right about SSH keys.