KVM host: Failed login attempts
-
I have this KVM host that is behind a firewall.
Today I go to login (via VPN) & I see this message:- Should I be worried.
- What's best practice.
-
Is Fail2Ban best practice for a hyper-visor?
-
@coliver said in KVM host: Failed login attempts:
Is Fail2Ban best practice for a hyper-visor?
Fail2ban all the things.
Should probably have chkrootkit or rkhunter running as well.
-
If that host is not accessable without VPN, who is making bad attempts on your KVM server from inside your network? Do you have a scanning server (like Spiceworks?) trying to logon and scan?
-
My bad, my bad....
Last week I was doing some testing & I set a port forward on port 22 to this host.
Ooops, I forgot to remove the rule. -
@fateknollogee said in KVM host: Failed login attempts:
My bad, my bad....
Last week I was doing some testing & I set a port forward on port 22 to this host.
Ooops, I forgot to remove the rule.Awww.. that makes sense.
-
@fateknollogee said in KVM host: Failed login attempts:
My bad, my bad....
Last week I was doing some testing & I set a port forward on port 22 to this host.
Ooops, I forgot to remove the rule.I'll tell you to have fail2ban and either chkrootkit or rkhunter running anyway. Multiple levels of security should make for happier times all around.
-
@fateknollogee said in KVM host: Failed login attempts:
My bad, my bad....
Last week I was doing some testing & I set a port forward on port 22 to this host.
Ooops, I forgot to remove the rule.This is why I only allow RSA key based authentication. No root login, no password login. Disable all other methods.