That's rough ... it is a bad, bad world out there.

Try exposing a paswordless SSH server to outside to see what happens. It'll be tried immediately, non-stop.

Now, all the servers I run has no public SSH ports, anymore. This is also why I don't expose home-servers to internet. I don't want that chaos at my doorstep.

▲

letmetweakit 2 hours ago | parent | next [-]

Yeah, I have been thinking about hosting a small internet facing service on my home server, but I’m just not willing to take the risk. I’d do it on a separate internet connection, but not on my main one.

▲

bayindirh 2 hours ago | parent [-]

You can always use a small Hetzner server (or a free Oracle Cloud one if you are in a pinch) and install tailscale to all of your servers to create a P2P yet invisible network between your hosts. You need to protect the internet facing one properly, and set ACLs at tailscale level if you're storing anything personal on that network, though.

	▲	letmetweakit 2 hours ago \| parent [-]
		I would probably just ssh into the Hetzner box and not connect it to my tailnet.

▲

gear54rus 2 hours ago | parent | prev [-]

this can be fixed by just using random ssh port

all my services are always exposed for convenience but never on a standard port (except http)

	▲	bayindirh 2 hours ago \| parent [-]
		It reduces the noise, yes, but doesn't stop a determined attacker. After managing a fleet for a long time, I'd never do that. Tailscale or any other VPN is mandatory for me to be able to access "login" ports.