Minimize sshd log clutter/spam from unauthenticated connections

[Philipp Marek]

To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence.


I quite like having a process listen on port 53 and wait for a dns query containing a totp string to grant (temporary) access; that's a 2fa, and doing a "host 123456. my-ip" is easily automated in a shell script as well...