Post APIPyP550TnBo116OG by astro@chaos.social
(DIR) Post #APIPyP550TnBo116OG by astro@chaos.social
2022-11-04T23:56:57Z
2 likes, 1 repeats
Running #ssh with its default port on a public IPv4 address always invites bogus login attempts. I wondered what these were about so we started accepting and collecting them: https://sshlog.flpk.zentralwerk.org/
(DIR) Post #APIQ1MXQuuCwmwgpUW by rtn@social.weho.st
2022-11-05T00:28:12Z
1 likes, 0 repeats
@astro What did you do to let them in?
(DIR) Post #APIQBJwFRBfTca2rKa by cjd@pkteerium.xyz
2022-11-05T14:23:26.941286Z
1 likes, 0 repeats
This is actually an incredibly good idea, when you get a failed login drop them to a QEMU + busybox or something, it raises the cost of password guessing astronomically because the attacker never really knows if they're in or not
(DIR) Post #APTApjewBvS7QbNJ2W by orionwl@x0f.org
2022-11-10T18:53:17Z
0 likes, 0 repeats
@astro this is very interesting
some look like http requests (plain or compressed), that's strange, maybe an attempt at tunneling?
https://sshlog.flpk.zentralwerk.org/2022-10-30/21%3A39%3A10-185.81.68.189%3A61915.txt
https://sshlog.flpk.zentralwerk.org/2022-10-09/01%3A24%3A53-92.255.85.69%3A20062.txt
(DIR) Post #APTGGnJDEJIgKvw2Xw by astro@chaos.social
2022-11-10T19:54:09Z
0 likes, 0 repeats
@orionwl Yes, very probably `ssh -L` though my server should include the tunnel's target in the output.