cromwell Posted April 4, 2020 Share Posted April 4, 2020 (edited) First need to state I am a noob. I sometimes need to enable SSH because I use an application called Transmit to connect to my unraid server remotely over SFTP, when I am not on my home network. Initially, not knowing any better I just left SSH enabled on my server, but the plugin "Fix Common Problems" warned SSH was enabled and the port was getting hit thousands of times. Someone was scanning ports and trying to brute force their way in, I kept seeing "wrong password attempt" in my log file from an IP in China. This also started filling up my cache disk with a massive log file. So I disabled SSH (see attached). Now I only enable SSH through the unraid GUI when I need to connect with SFTP, and then I disable it afterwards. Is that the proper way to do this or is there a better way to securely connect over SSH/SFTP and not worry about getting bruteforced? Edited April 4, 2020 by cromwell Quote Link to comment
Squid Posted April 4, 2020 Share Posted April 4, 2020 The ideal way to access the server (gui / ssh etc) is via a vpn of some sort (wireguard / openvpn). The millisecond after any port is opened on your router, script kiddies will try and access looking to see if they can log in. All quite automatic and scripted to continually scan the internet looking for stuff like this. Opening up a port for Plex et al to communicate via however is OK. Quote Link to comment
cromwell Posted April 4, 2020 Author Share Posted April 4, 2020 12 minutes ago, Squid said: The ideal way to access the server (gui / ssh etc) is via a vpn of some sort (wireguard / openvpn). The millisecond after any port is opened on your router, script kiddies will try and access looking to see if they can log in. All quite automatic and scripted to continually scan the internet looking for stuff like this. Opening up a port for Plex et al to communicate via however is OK. I have Binhex Deluge installed which includes a vpn and it has privoxy. Can I do what you're saying with that or do I need to setup wireguard/openvpn separately? Quote Link to comment
ljm42 Posted April 4, 2020 Share Posted April 4, 2020 They are different types of VPNs. Binhex Deluge connects to a commercial VPN provider to hide your Deluge traffic. This discussion is about letting you VPN into your home network to manage your server, commercial VPN is not involved. Unraid has WireGuard support built-in: https://forums.unraid.net/topic/84226-wireguard-quickstart/ Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.