<h1 id="tldr">TL;DR</h1>
<ol>
<li>Sign-up  <a target="_blank" href="https://zerotier.com">https://zerotier.com</a>, free for the 1st  50 devices!</li>
<li><a target="_blank" href="https://zerotier.atlassian.net/wiki/spaces/SD/pages/8454145/Getting+Started+with+ZeroTier">Create a Zerotier private network</a> </li>
<li><a target="_blank" href="https://zerotier.atlassian.net/wiki/spaces/SD/pages/6848513/Join+a+Network">Join private network</a>, both ssh-server &amp; client </li>
<li>Configure <code>sshd</code> to listen  <a target="_blank" href="https://www.cyberciti.biz/tips/howto-openssh-sshd-listen-multiple-ip-address.html">with private IP</a> </li>
<li>Goodbye ssh-brute-force!</li>
</ol>
<h1 id="why">Why?</h1>
<h2 id="reduce-attack-surface">Reduce Attack-Surface</h2>
<p><img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1602809877100/g9c1lTJkf.png" alt="Screenshot 2020-10-16 at 8.57.43 AM.png" /></p>
<p>When we disrupt one or more of the  <a target="_blank" href="https://attacklifecycle.github.io">Necessary &amp; Sufficient conditions</a>  for any Cyber-Physical attacks, in this case <code>Threat Accessibility</code>, we lower the risk ( probability). This applies to other administrative service/ports. </p>
<blockquote>
<p>Even if there were a 0-day ssh-server vulnerability that is exploitable, attackers will need to first get into your client.</p>
</blockquote>
<p>Enabling Multi-Factor/Step Authentication on your VPS provider is also related to <code>Threat Accessibility</code>. </p>
<h2 id="improve-signal-to-noise-ratio">Improve "Signal-to-Noise" Ratio</h2>
<p>Server-logs are useful for investigating any incidents. When  cluttered with blocked/refused SSH attempts, those entries are simply "noise", which will be eliminated after this configuration. </p>
<h2 id="storage-is-precious">Storage is Precious</h2>
<p>Why waste it on "noise"?</p>


# TL;DR
1. Sign-up  [https://zerotier.com](https://zerotier.com), free for the 1st  50 devices!
2.  [Create a Zerotier private network](https://zerotier.atlassian.net/wiki/spaces/SD/pages/8454145/Getting+Started+with+ZeroTier) 
3.  [Join private network](https://zerotier.atlassian.net/wiki/spaces/SD/pages/6848513/Join+a+Network), both ssh-server & client 
4. Configure `sshd` to listen  [with private IP](https://www.cyberciti.biz/tips/howto-openssh-sshd-listen-multiple-ip-address.html) 
5. Goodbye ssh-brute-force!
 
# Why?
## Reduce Attack-Surface

![Screenshot 2020-10-16 at 8.57.43 AM.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1602809877100/g9c1lTJkf.png)

When we disrupt one or more of the  [Necessary & Sufficient conditions](https://attacklifecycle.github.io)  for any Cyber-Physical attacks, in this case `Threat Accessibility`, we lower the risk ( probability). This applies to other administrative service/ports. 

>Even if there were a 0-day ssh-server vulnerability that is exploitable, attackers will need to first get into your client.

Enabling Multi-Factor/Step Authentication on your VPS provider is also related to `Threat Accessibility`. 

## Improve "Signal-to-Noise" Ratio
Server-logs are useful for investigating any incidents. When  cluttered with blocked/refused SSH attempts, those entries are simply "noise", which will be eliminated after this configuration. 

## Storage is Precious
Why waste it on "noise"?

Goodbye SSH Brute-force!

Technologist specialising in Cyber Defense


Cyber Defender's Tips & Insights. Endpoint Protection & Defense. Cyber Deception & Moving Target Defense.

blog.jym.sg

blog.jym.sg

Goodbye SSH Brute-force!

TL;DR

Why?

Reduce Attack-Surface

Improve "Signal-to-Noise" Ratio

Storage is Precious