Minimize sshd log clutter/spam from unauthenticated connections

Philipp Marek philipp at marek.priv.at
Sun Mar 19 17:03:15 AEDT 2023


To radically cut down on SSH log spam you can also hide it completely behind a firewall, and allow access only by some port knocking sequence.


I quite like having a process listen on port 53 and wait for a DNS query containing a TOTP string to grant (temporary) access; that's a 2FA, and doing a "host 123456. my-ip" is easily automated in a shell script as well...
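The check such a listener would perform, as an added example that is not part of the original post or any existing tool: it pulls the first label out of a DNS query and accepts it only if it is a fresh RFC 6238 TOTP code. The secret, the function names and the sample query builder are constructed for illustration, and the firewall action on success is left to the caller.

```python
import hashlib, hmac, struct, time

SECRET = b"constructed-demo-secret"   # constructed shared secret, not a real key
STEP, DIGITS = 30, 6                  # RFC 6238 defaults

def totp(secret, counter):
    """RFC 4226 HOTP value for one counter (time step)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def first_label(packet):
    """Return the first QNAME label of a DNS query, or None if malformed."""
    if len(packet) < 13:
        return None
    flags, qdcount = struct.unpack(">HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:        # must be a query with one question
        return None
    n = packet[12]                            # label length follows the 12-byte header
    if n == 0 or n > 63 or len(packet) < 13 + n:  # root name, pointer or truncated
        return None
    return packet[13:13 + n].decode("ascii", "replace")

_used = set()   # time steps already accepted, so a sniffed code cannot be replayed

def knock_ok(packet, now=None, secret=SECRET):
    """True if the query's first label is a fresh, valid TOTP code."""
    label = first_label(packet)
    if label is None or len(label) != DIGITS or not label.isdigit():
        return False
    t = int((time.time() if now is None else now) // STEP)
    for c in (t - 1, t, t + 1):               # tolerate one step of clock skew
        if c not in _used and hmac.compare_digest(totp(secret, c), label):
            _used.add(c)
            return True
    return False

def build_query(name):
    """Constructed sample input: a minimal DNS A query for `name`."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l)
    header = struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + q + b"\0" + struct.pack(">HH", 1, 1)
```

A listener would call `knock_ok` on each datagram received on port 53 and, on `True`, open the SSH port for that datagram's source address for a limited time.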

