added SSH key mention in failed ssh connection warning message #1827
Conversation
Well strictly-speaking this exact message is about an usual number of failed auth attempts, which typically comes from bots brute-forcing SSH (though could also come from a local user brute-forcing sudo), and using SSH keys ain't gonna reduce that number, but classically changing the SSH port will, because the vast majority of bots won't scan ports |
|
Yes but if the password authentication is disabled, the user can ignore this message about failed password authentications |
|
Yes and no, because it still means the auth log is unecessarily flooded and growing large, and the mecanism also spots e.g. failed sudo attempts which could be symptomatic of a malicious user or pwned app brute-forcing stuff |
|
hm maybe it would be better to distinguish between "failed ssh auth attempts" and "failed sudo auth attempts" if it's possible? because for now the message doesn't warn about the sudo thing |
The problem
we advertise changing the ssh port, but using an ssh key is better for the security of the server
Solution
mention SSH key authentication in failed ssh connection warning message
maybe we want to remove the "use a custom port for SSH" part because it's a pain to use and in 2 seconds you can find the right port by scanning...
tbh that's not good advice
PR Status
done
How to test
...