Minimize sshd log clutter/spam from unauthenticated connections
philipp at marek.priv.at
Sun Mar 19 17:03:15 AEDT 2023
To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence.
I quite like having a process listen on port 53 and wait for a dns query containing a totp string to grant (temporary) access; that's a 2fa, and doing a "host 123456. my-ip" is easily automated in a shell script as well...
More information about the openssh-unix-dev