Zeacurity: Allow all to ssh except specific IP addresses
Posted: 8 Feb 2021, 3:12am - Monday

Since I open my ssh to all for the past 3 months, the auth.log is incredibly flooded with login attempts. I know they can't get in because I am using public key authentication and AllowedUser. Somehow it is still worrying the number of attempts.

So I created an app to counter these login attempts. Introducing my console app, Zecurity (https://github.com/camilord/Zeacurity). It's using Symfony Console framework and easy to use if you are having the same situation I got and want to protect your server. I wrote (I believe) the details how to implement on your server, please see the read me file.

Screenshot below, as you can see there's like every milliseconds attempting to login. Then I ran Zeacurity at 3:00 and after that, no attempts. :)

PS: when I was trying to resolve my problem, I stumble down with an issue that all incoming attempts still going thru, thanks to Sid Bachtiar when he mentioned about to remove the MASQUERADE and it was the one causing it. To read more about it, see https://linuxhacks.org/what-is-ip-masquerade-and-how-to-rule-it-with-iptables/