The Network Center of Northeastern University provides an SSH blacklist on its official website, which records IP addresses detected using port scanning tools on SSH ports. This system appears to be based on statistics collected from their own honeypot servers. They also offer a downloadable hosts.deny file corresponding to the blacklist, allowing users to automatically update the SSH blacklist and block these scanners (preventing them from logging in) using scheduling tools like cron. It's unclear exactly when this system was implemented, but it has been operational for at least two years. Additionally, the blocking duration for these IP addresses appears to be 60 days from their last detection. Usage method: Install cron on your server and run the following commands to set up the script:...

Today when connecting to an Azure China virtual machine, I noticed extremely slow login response. Even with a good network environment, it took over ten seconds to display the password prompt. After searching on Google, I discovered the issue was caused by DNS reverse lookup. OpenSSH performs a reverse lookup on your IP during login to determine if your IP is on the system's blacklist. However, China Telecom doesn't provide reverse lookup for residential IP addresses, causing OpenSSH to wait until the lookup times out before establishing the connection. The solution is simply to disable reverse lookup. sudo nano /etc/ssh/sshd_config # Add "UseDNS no" at the end of the file, then save and close sudo service ssh restart If the connection remains slow after this configuration,...