Hi today my server is down multiple times because of ssh bruteforce. Here’s what my ssh log looks like:
https://pastebin.com/G7PREfZ2
Can you guys recommend what should i do to prevent this type of attack?
My root login only allowed to login via ssh key.
You can’t do anything about it…
Except changing port from 22 to a different one. Or add you own ip to a whitelist.
Unless the bruteforce was successfull and the attacker got in, there is no reason the server to go down because of unsuccessful login attempts. Most likely you have another problem there
I wish that your service is not yet compromised,
Try to use CSF or what @eris mention change your PORT or allowed only your IP to access ssh,
The default iptables stack without csf already provides brute force detection and prevention - there is no directly need to install csf.