> But it made me realize that I need to tighten up my SSH buddy plans for the next time.
I'm going to ask a really audacious question: Why?
His systems all worked as expected. Injection attacks were thwarted and login attempts failed. He received (as it turns out, erroneous) notification about the login attempts and knows he needs to do something about it for the future.
Why is that something the sharing of credentials? Why is it that people still allow for remote root login? Why do people still allow user SSH access via password?
There's a better way, and it leaves you a damn sight better prepared for intrusion attempts than receiving SMS messages that, as he so perfectly demonstrated, were not actionable. Limit logons to PKI-only. Live happier. Sleep easier.
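An added example, not part of the comment above: one way to check that a server really is limited to key-only, no-root logins, assuming "PKI-only" means public-key authentication under OpenSSH's `sshd_config`. The function names and sample configs are hypothetical and constructed for illustration.

```python
# Added example: checks sshd_config text for the settings the comment names.
# sshd keeps the first value it reads for a keyword; DEFAULTS are OpenSSH's
# documented defaults for an absent keyword. Include files are not followed.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes", "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
WANTED = {"permitrootlogin": "no", "passwordauthentication": "no",
          "kbdinteractiveauthentication": "no", "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Return (global values, [(keyword, value)] set inside Match blocks)."""
    seen, in_match_block, match_overrides = {}, False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            in_match_block = True          # everything after is conditional
        elif in_match_block:
            if key in DEFAULTS:
                match_overrides.append((key, value))
        else:
            seen.setdefault(key, value)    # first occurrence wins
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}, match_overrides

def audit(config_text):
    """List every way the config falls short of key-only, no-root logins."""
    effective, match_overrides = effective_settings(config_text)
    findings = [f"{k} is '{effective[k]}', want '{v}'"
                for k, v in WANTED.items() if effective[k] != v]
    findings += [f"Match block sets {k} to '{v}', want '{WANTED[k]}'"
                 for k, v in match_overrides if v != WANTED[k]]
    return findings

# Constructed sample configs, not taken from the thread.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = ("PermitRootLogin no\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nPubkeyAuthentication yes\n"
            "PasswordAuthentication yes\n")  # late duplicate: ignored by sshd

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "key-only, no root login")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only reads the text it is given.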