• 0 Posts
  • 8 Comments
Joined 1 year ago
Cake day: June 10th, 2023




  • Personally, I found Arch to be difficult to get installed. I’m ok with command line stuff once everything is all set up, but having to use it for the installation process is something I found to be too easy to screw up and too time consuming overall. Also, I haven’t seen any drop of vanilla Arch with a GUI installer. For the Arch experience, I generally go with EndeavourOS since it’s easy to install, gives you lots of options for the window manager, and is easy to use once you get it up and running.

    If you’d prefer the Debian environment, I think anything from Debian or any of its derivatives (Ubuntu et al) would be a decent choice. My favorite is Linux Mint. I’ve seen a lot of people describe it like “entry-level” Linux, but it’s very capable and user friendly. It’s where I tend to spend most of my time when running Linux and I would say usually requires the least setup since it typically just works out of the box.

    There’s also OpenSUSE Tumbleweed if you feel like going a somewhat different direction. I get more “traditional Linux” vibes from OpenSUSE, but packaged up in a user friendly manner. I play around with it from time to time in a VM, mostly when I want to test out some new server package locally. But, that said, it’s still capable of handling anything else I throw at it, so it’s fun to use all the same.




  • I do see a decent amount of activity on it. Full disclaimer, I am not a security expert. I know just enough to be dangerous. But, I see at least a few connection attempts from different IPs about every day. The top 3 countries of origin are China, Russia, and Brazil (based on the reverse DNS, but it’s possible some are using VPNs to hide their origin). My impression is they’re all bots that just go through a list of IP addresses, attempting to connect to the standard ssh port, then guessing the username and password. What I’ve found is they usually go through a list of likely ssh ports until one of them connects. Having the default port open to only the honeypot means they usually establish the connection, then leave it at that, so my real ssh port never gets hit. I kinda think of it like scambaiting, where I’m just wasting time they might otherwise spend trying to break into someone else’s real ssh server.
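
One way to check the behaviour described in the comment above against a honeypot's connection log, as an added example that is not the commenter's code: it counts distinct sources per day on the default port and lists any source that later reached the real port. The log format, the sample lines and the real port number 2222 are constructed assumptions.

```python
from collections import defaultdict

HONEYPOT_PORT = 22      # default ssh port, answered only by the honeypot
REAL_SSH_PORT = 2222    # assumption: placeholder for the real, non-default port

# Constructed sample log, oldest line first:
# "<UTC timestamp> <source IP> <destination port> <username tried>"
SAMPLE_LOG = """\
2024-06-01T03:12:44Z 203.0.113.7 22 root
2024-06-01T03:12:51Z 203.0.113.7 22 admin
2024-06-01T09:40:02Z 198.51.100.23 22 ubuntu
2024-06-02T01:05:17Z 192.0.2.88 22 root
2024-06-02T01:05:30Z 192.0.2.88 2222 root
2024-06-02T14:22:09Z 203.0.113.7 22 test
"""

def parse(log_text):
    """Yield (day, ip, port, user) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        ts, ip, port, user = parts
        yield ts[:10], ip, int(port), user

def summarize(log_text):
    """Return (distinct honeypot sources per day, sources that hit the
    real port after first touching the honeypot)."""
    per_day = defaultdict(set)
    seen_on_honeypot = set()
    moved_on = set()
    for day, ip, port, _user in parse(log_text):
        if port == HONEYPOT_PORT:
            per_day[day].add(ip)
            seen_on_honeypot.add(ip)
        elif port == REAL_SSH_PORT and ip in seen_on_honeypot:
            moved_on.add(ip)
    return {d: len(ips) for d, ips in per_day.items()}, moved_on

if __name__ == "__main__":
    daily, moved_on = summarize(SAMPLE_LOG)
    for day in sorted(daily):
        print(day, "distinct honeypot sources:", daily[day])
    print("sources that went on to the real port:", sorted(moved_on) or "none")
```

An empty second result matches what the comment reports; any address listed there is a source that kept scanning past the default port.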