So, I tried an experiment last night. If you remember this thread from several weeks ago, I was working on setting up a home server.
Well, I got everything figured out and set up a few weeks ago, and it's working wonderfully. It's definitely very useful to me. Up until now, my server has only been visible on my private subnet: a.k.a. my apartment which is behind a Linksys router. This is fine for most cases...I don't access it too often from outside the house, but occasionally I do want to.
So last night I tried an experiment: I forwarded port 22 on the Linksys router to my server, essentially making it open to the world. Then I went to bed. When I woke up this morning, as was to be expected, the computer had been attacked throughout the night. 235 times to be exact. Not a single login attempt had been successful, of course.
Nevertheless, I don't like this for 2 reasons:
1. All these attacks increase the size of my log files! That's precious disk space! Of course they are small now...but over the course of months and years?
2. I'd like an easy solution to notify me of all successful login attempts. Of course...none of these should occur (except my own login attempts), but it'd be nice to have some kind of notification system so that I don't have to pore through the log files every once in a while to make sure there were no successful attacks.
I know in the previous thread many people suggested public/private key authentication, but that's not really an option. If I'm going to have ssh running and visible outside my subnet, I want to be able to access it from any computer I happen to be at.
At the current time I'm not using DenyHosts, but I'll probably install it.
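For point 2 in the post above, one way to pull successful logins out of the sshd log and summarize the failed ones, as an added example that is not part of the original post. It assumes OpenSSH's classic syslog line format; the sample lines, host name and function names are constructed for illustration, and delivering the report (for example from a daily cron job) is left out.

```python
import re
from collections import Counter

# Constructed sample lines in the classic OpenSSH syslog format (not real data).
SAMPLE_LOG = """\
Mar  3 02:14:07 homeserver sshd[4121]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 02:14:11 homeserver sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 03:40:52 homeserver sshd[4310]: Failed password for invalid user test from 198.51.100.23 port 40022 ssh2
Mar  3 08:05:19 homeserver sshd[4502]: Accepted password for alice from 192.0.2.44 port 60214 ssh2
Mar  3 09:12:30 homeserver sshd[4588]: Accepted password for alice from 198.51.100.99 port 41000 ssh2
"""

# Matches both "Failed password for root ..." and
# "Failed password for invalid user admin ...", plus "Accepted <method> for ...".
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s(?P<method>\S+)\sfor\s"
    r"(?:invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def parse_events(text):
    """Return one dict per sshd authentication result line; skip everything else."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            events.append(m.groupdict())
    return events

def successful_logins(text):
    """Every accepted login, in log order: the lines worth a notification."""
    return [e for e in parse_events(text) if e["result"] == "Accepted"]

def failures_by_ip(text):
    """Failed attempts counted per source address, replacing the raw noise."""
    return Counter(e["ip"] for e in parse_events(text) if e["result"] == "Failed")

def report(text):
    """Build a short plain-text summary suitable for mailing to yourself."""
    lines = ["Successful logins:"]
    for e in successful_logins(text):
        lines.append(f"  {e['ts']}  {e['user']} from {e['ip']} ({e['method']})")
    lines.append("Failed attempts by source:")
    for ip, count in failures_by_ip(text).most_common():
        lines.append(f"  {ip}: {count}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```
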