This is an automated archive made by the Lemmit Bot.
The original was posted on /r/homelab by /u/Prize-Job4299 on 2025-01-21 20:43:09+00:00.
Nothing spectacular really, just wanted to share it to show the more security unconcious people the risk of opening Port 22 to the Internet. Also i was curious how long it would take.
Had set up a isolated Debian12 VM with Fail2Ban (did not ban at all, basically just to count the logon tries), Password auth enabled. Exposed Port 22 directly to the public internet.
Accounts/Passwords were user/user and admin/admin. When a successful SSH Login would occur, the server would write the uptime and the number of failed logins to a logfile and then shut down.
-> 2 Hours 6 Minutes, 30 failed logins.
I guess i will pick more complex passwords in the future and try again.
Anyways... don´t do it with your live systems!