Which is the best strategy for SSH Login

**BpnV** · 28-11-2011

I am running a web/file server at my place and I am also running ssh on the same so I am able to login in to the same even when I am not at home and I need to run sftp in order to get some files that I need, even though I am using only password authentication for ssh logins I am w\aware that it is not that secure and there is a need to use public/private keys for the login. I am using the password authentication method for now so that I can login from any computer that I want but then recently I have noticed that there is a lot automated log in attempts through ssh in the auth.log file. So I just wanted to know that is there a way to login in to ssh from any computer and avoid such automated logs? Any suggestion for the same will be appreciated.

**Bjork** · 28-11-2011

I think that you should not log in to the ssh from any computer and I am saying so because there is a security risk and if you still do the same then you are really quite insecure at that time anyways as far as the automated log in the auth.log file is concerned than you can just check out the fail2ban and I think that it will definitely help you for the same. Best of luck

**Kanesteyn** · 28-11-2011

I think that you should not log in to the ssh from any computer and I am saying so because there is a security risk and if you still do the same then you are really quite insecure at that time anyways as far as the automated log in the auth.log file is concerned than you can just check out the fail2ban and I think that it will definitely help you for the same. Best of luck
Edit/Delete Message.

Thanks for that I will definitely check in to the fail2ban but then I just wanted to share that most of the login attempts that I usually make is from my home computer, you can say that 80 percent of the login attempts are made from my home computer and I use the sftp from other computer when there is only a need of some files that I want and I do it very occasionally and then I now I am still quite insecure but then I will be moving to the public/private keys soon.

**shetty** · 28-11-2011

I will like to inform you that if you are login from other computers only to access the file that you need then SSH is not only the way to do so. I mean that you can just install Apache and then just fill it with the file that you are willing to download in your public_html and if you still want to use the SSH using the password authentication then I will suggest you to use PAM module for Google 2-step verification. I will also like to add fail2ban or denyhosts are better choices for securing ssh so I will say that switch to them sooner.

**sameer22** · 28-11-2011

The other option that I have is using a valid key on a USB-stick in order to login in to the ssh from different computers. You can also try to just change the port forwarding on the router just for eg if it is 6666 to 21 then you can make it to ssh -p 8888. Hope you got my point.

**Kakashi Hatake** · 29-11-2011

I will suggest you to use public key encrypted with a pass phrase rather than just using the default port other than that also make sure that you do not allow root login as well. I have done the same and trust me I have found dramatic decrease in the amount of dictionary/brute force attacks. Just try to do the same and I think that it will help you as well.