Offsite Backup via SFTP causing multiple failed login attempts

rspierenburg (Cadet; joined Sep 4, 2020; 1 message)

Hi,
I'm currently using SFTP to do offsite backups from a server running Duplicati to my FreeNAS. I'm getting daily logs of failed login attempts, probably from bots. The backups are being done via a low-level user account which doesn't have any root access, but it still makes me nervous. All the backups are being done from a computer with a (mostly) constant IP address.

I'm wondering if there is a better way to back up from an offsite server rather than SFTP to try to mitigate these login attempts. I'm not using the standard SSH or FTP ports, but that doesn't seem to make a difference.

I know exposing the FreeNAS to the internet in itself causes potential for hack attempts, but I'm hoping for perhaps a more secure solution.

Any help would be greatly appreciated.

Thanks,
Robert
 

jgreco (Resident Grinch; joined May 29, 2011; 18,680 messages)

SFTP is a truly awful abomination that should never have seen the light of day. It comes from that same combination of arrogance-and-desperation that saw hundreds of diverse and flexible protocols thirty years ago all migrate to :80/:443 for reasons that mostly boil down to "lazy".

It leads to problems like this.

Ideally, you should set up a VPN between the two sites. This will mitigate the attacks and allow you to avoid exposing SSH in the first place.

Be aware that there are more dangerous attacks such as FritzFrog which are running wild on the Internet right now. It is simply not a great idea to expose SSH unnecessarily.
 

Heracles (Wizard; joined Feb 2, 2018; 1,401 messages)

Hey @rspierenburg,

I think @jgreco is going a little too hard against SFTP... It is much more usable and makes more sense than what he expressed...

He is right that the VPN would be the ideal way for linking your 2 servers. But if you cannot, just disable the password authentication in your SSHD service and go with publickey authentication only. Bots and external attackers will not even be answered should they try passwords. They will be bounced back and required to present a crypto key.
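
A way to check that the key-only setup suggested in the reply above is really in effect, as an added example that is not part of the thread. The function names and the sample config are constructed for illustration, and the check assumes stock OpenSSH defaults, where both password-style methods are on when unset and the first value for a keyword wins.

```python
# Added example: audit sshd_config text for password-based logins.
# Assumptions: stock OpenSSH defaults; Include files are not followed.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated keyword still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_KEYS = ("passwordauthentication", "kbdinteractiveauthentication")

# Constructed sample: looks key-only, but a Match block re-enables passwords.
SAMPLE = """\
PasswordAuthentication no
PasswordAuthentication yes   # ignored: first value wins
ChallengeResponseAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""


def parse(text):
    """Return (global settings, list of Match blocks) from config text."""
    glob, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {"criteria": value, "settings": {}}
            matches.append(current)
            continue
        target = glob if current is None else current["settings"]
        target.setdefault(key, value.lower())  # keep the first occurrence
    return glob, matches


def audit(text):
    """Return findings; an empty list means logins are key-only."""
    glob, matches = parse(text)
    eff = {**DEFAULTS, **{k: v for k, v in glob.items() if k in DEFAULTS}}
    findings = [f"global: {k} is {eff[k]}" for k in PASSWORD_KEYS if eff[k] != "no"]
    if eff["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is disabled")
    for m in matches:
        findings += [f"Match {m['criteria']}: {k} re-enabled"
                     for k in PASSWORD_KEYS if m["settings"].get(k, "no") != "no"]
    return findings
```

Keyboard-interactive is checked alongside `PasswordAuthentication` because, with PAM in use, it can still carry a password prompt after the latter is set to `no`.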
 