I've had good success with fail2ban, tweaked to be much more aggressive than normal.

You could also put a tailscale IP on it and limit SSH to that.

You can also adjust what logwatch reports and ignores.

On Mon, Feb 2, 2026, 16:34 Jonathan Hutchins <hutchins@tarcanfel.org> wrote:

On 02/02/2026 2:18 PM CST John McPherson <xeniphon@gmail.com> wrote:

Limit ciphers&macs, then set password authentication to no, and the hits go down a bunch

The attempts are already failing, I think we need a firewall rule or iptables, and move the port to 359 or something.

--

Jonathan

_______________________________________________
KCLUG mailing list -- kclug@kclug.org
To unsubscribe send an email to kclug-leave@kclug.org
https://kclug.org/mailman3/postorius/lists/kclug.kclug.org/