I run a Raspberry Pi inside my home network with SSH access allowed. One of the first things I did was install the fail2ban package.
I know this is far from enough. A really secure configuration needs more thought put into it, but I left it that way just to see how many penetration attempts I would get.
After a quick review of the /var/log/fail2ban.log file, I noticed that almost everything was SSH login attempts, which is perfectly normal because the system only exposes a web server and the sshd daemon.
An easy and fast way to secure SSH on your home systems is to edit the /etc/hosts.allow and /etc/hosts.deny files to specify which IPs are allowed to log in via SSH and deny all the rest. You can apply the same restriction via /etc/ssh/sshd_config, but that requires more SSH knowledge and I prefer to dedicate another post to it.
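To allow your home network, edit your /etc/hosts.allow and add the following (comments go on their own lines, because only lines that begin with # are ignored):

    # this allows your local LAN
    sshd: 192.168.0.0/24
    # this allows your localhost
    sshd: 127.0.0.1
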
To deny any other IP, edit your /etc/hosts.deny and add:

    sshd: ALL
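
To check which clients the two files above let through, here is an added example (not part of the original post) that models the hosts_access(5) decision order: hosts.allow is consulted first, then hosts.deny, and a client that matches neither is granted. It handles only a subset of client patterns (ALL, a single IPv4 address, net/prefix and net/mask); the function names and the test addresses are assumptions made for the illustration.

```python
import ipaddress

# The rules from the post, embedded as constructed input.
HOSTS_ALLOW = """\
# local LAN
sshd: 192.168.0.0/24
# localhost
sshd: 127.0.0.1
"""
HOSTS_DENY = "sshd: ALL\n"


def _tokens(field):
    """List items may be separated by blanks and/or commas."""
    return field.replace(",", " ").split()


def parse_rules(text):
    """Return [(daemons, client_patterns)] for every rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # only whole-line comments are skipped
            continue
        fields = line.split(":")              # daemons : clients [: shell command]
        if len(fields) >= 2:
            rules.append((_tokens(fields[0]), _tokens(fields[1])))
    return rules


def client_matches(pattern, ip):
    """Modelled subset: ALL, exact IPv4 address, net/prefix, net/mask."""
    if pattern.upper() == "ALL":
        return True
    try:
        return ip in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False                          # hostnames and other forms: not modelled


def table_matches(text, daemon, ip):
    return any(
        any(d.upper() == "ALL" or d == daemon for d in daemons)
        and any(client_matches(p, ip) for p in clients)
        for daemons, clients in parse_rules(text)
    )


def access_granted(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow first, then hosts.deny; no match in either file grants access."""
    ip = ipaddress.ip_address(client)
    if table_matches(allow, daemon, ip):
        return True
    return not table_matches(deny, daemon, ip)
```

Calling access_granted("sshd", "203.0.113.5", deny="") returns True, which shows why the hosts.deny entry matters: without it, a client that matches nothing in hosts.allow is still let in.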