Minimize sshd log clutter/spam from unauthenticated connections

Philipp Marek philipp at
Sun Mar 19 17:03:15 AEDT 2023

To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence.

I quite like having a process listen on port 53 and wait for a DNS query containing a TOTP string to grant (temporary) access; that's a 2FA, and doing a "host 123456. my-ip" is easily automated in a shell script as well...
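A sketch of the server-side check described in the message above, added here as an example and not part of the original post: it parses the first label of a DNS query, verifies it as an RFC 6238 TOTP code, and returns a time-limited grant for the source address. The names `Knocker`, `handle`, `first_label`, the secret and the 30-second step, 6 digits and 60-second grant are assumptions; opening the firewall for the returned address is left to the caller.

```python
import hashlib, hmac, struct

SECRET = b"constructed-demo-secret"      # constructed sample key, not from the post
STEP, DIGITS, GRANT_SECONDS = 30, 6, 60  # assumed parameters

def totp(secret, now, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def first_label(packet):
    """Return the first QNAME label of a DNS query, or None if malformed."""
    if len(packet) < 14:                  # 12-byte header, length byte, 1+ chars
        return None
    flags, qdcount = struct.unpack(">HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:    # must be a query with one question
        return None
    length = packet[12]
    if length == 0 or length > 63 or 13 + length > len(packet):
        return None                       # rejects compression pointers and overruns
    return packet[13:13 + length]

class Knocker:
    """Hypothetical helper: decides whether a query earns a temporary grant."""
    def __init__(self, secret):
        self.secret = secret
        self.used = set()                 # time steps already redeemed (replay guard)

    def handle(self, packet, src_ip, now):
        """Return (src_ip, expiry) for a valid, unused TOTP label, else None."""
        label = first_label(packet)
        if label is None or len(label) != DIGITS or not label.isdigit():
            return None
        for drift in (0, -1):             # accept current and previous time step
            counter = int(now) // STEP + drift
            expected = totp(self.secret, counter * STEP).encode()
            if hmac.compare_digest(label, expected) and counter not in self.used:
                self.used.add(counter)
                return (src_ip, int(now) + GRANT_SECONDS)
        return None
```

The code travels in clear text over UDP, so each time step is redeemable once and the grant is kept short.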
