I've had good success with fail2ban, tweaked to be much more aggressive than normal.
You could also put a tailscale IP on it and limit SSH to that.
You can also adjust what logwatch reports and ignores.
On Mon, Feb 2, 2026, 16:34 Jonathan Hutchins hutchins@tarcanfel.org wrote:
On 02/02/2026 2:18 PM CST John McPherson xeniphon@gmail.com wrote:
Limit ciphers&macs, then set password authentication to no, and the hits go down a bunch
The attempts are already failing, I think we need a firewall rule or iptables, and move the port to 359 or something. -- Jonathan _______________________________________________ KCLUG mailing list -- kclug@kclug.org To unsubscribe send an email to kclug-leave@kclug.org https://kclug.org/mailman3/postorius/lists/kclug.kclug.org/