Starting yesterday, began seeing thousands of messages like this in the auth.log
sshd[3635916]: banner exchange: Connection from 202.142.184.68 port 24571: invalid format
Almost 17,000 occurrences of the same ip address shown above, and about 500 occurrences of various other ip addresses. The ports are always changing, and I wonder if this is a brute force attempt. I have ufw enabled which includes this rule I added several minutes ago
Anywhere DENY IN 202.142.184.68
but that hasn't stopped the messages. iplocation places the ip address in Pakistan. I have ssh set up to allow connections from only one port, and it's not the default port for ssh. For my userid on the server, I ssh (Putty) without a password, using a secure key.
Any way to stop these sshd connection attempts, or whatever they are. Should I try fail2ban as mentioned in How can I stop ssh bots from trying to SSH in as root?
BTW, server is 22.04.1
