    There are so many attempts on ssh. Fail2ban is doing its best.
    Thought of using zerotier so that I can leave the ssh port blocked.
    Installed the zerotier-one on Debian 11 and zerotier got the private ip.
    Can ping but cannot ssh.
    If I open the ssh port, then I can ssh in.
    There is another Debian 11 server that is behind an Asus router with port forwarding to the ssh port.
    Installed zerotier-one, got the private ip. Left the ispconfig firewall open for ssh but closed the port-forwarding in the asus router.
    I can ssh into the server even when the asus router has blocked the port.
    How do I change the firewall to make zerotier work when the server is in the datacenter connected directly to the internet?
    Any advice on zerotier?
    You probably want to contact Zerotier support and ask them how to get their software to work, as that's not ISPConfig related. On Debian and Ubuntu, your firewall is likely UFW. So you must ask them how to get their software to work with UFW Firewall.
    You are correct. It is not actually an ispconfig thing.
    I will ask zerotier and report back.
    Received this solution from another user at zerotier.
    While experimenting, got this to work. Seems to do the job without affecting ispconfig setup.
    Change the ListenAddress setting to the ip address of zerotier in sshd_config and restart sshd.
    Now ssh is not on the public ip. Only on the private ip of zerotier.
    Hope this helps others.
    Hopefully no more hackers trying to get in using ssh.
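
As an added example, not part of the thread: a Python check for the change described in the last post, which parses sshd_config text and reports any ListenAddress that would leave sshd reachable outside the ZeroTier network. The 10.147.17.0/24 range, the addresses and the sample configs are constructed, and Include files are not followed.

```python
import ipaddress
import re

ZT_NET = "10.147.17.0/24"  # constructed ZeroTier range (assumption)
# Constructed samples: stock file, the thread's fix, and a leftover public bind
BEFORE = "Port 22\n#ListenAddress 0.0.0.0\nPermitRootLogin no\n"
AFTER = "Port 22\nListenAddress 10.147.17.5\n"
MIXED = "ListenAddress 10.147.17.5\nListenAddress 203.0.113.10:22\n"

# Keywords are case-insensitive; the value follows whitespace or a single '='
DIRECTIVE = re.compile(r"listenaddress(?:\s*=\s*|\s+)(\S+)", re.IGNORECASE)

def listen_addresses(config_text):
    """Return the host part of every active ListenAddress directive."""
    hosts = []
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0].strip())  # drop comments
        if not m:
            continue
        value = m.group(1)
        if value.startswith("["):        # [address]:port form
            hosts.append(value[1:value.index("]")])
        elif value.count(":") == 1:      # IPv4 or hostname followed by :port
            hosts.append(value.split(":")[0])
        else:                            # bare IPv4, bare IPv6 or hostname
            hosts.append(value)
    return hosts

def audit(config_text, overlay_cidr):
    """List the reasons sshd would listen outside overlay_cidr (empty = ok)."""
    net = ipaddress.ip_network(overlay_cidr)
    hosts = listen_addresses(config_text)
    if not hosts:
        return ["no ListenAddress set: sshd binds to all local addresses"]
    problems = []
    for host in hosts:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            problems.append(f"{host}: hostname, resolve and check manually")
            continue
        if addr.is_unspecified:
            problems.append(f"{host}: wildcard, binds to every interface")
        elif addr.version != net.version or addr not in net:
            problems.append(f"{host}: outside {overlay_cidr}")
    return problems

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER), ("mixed", MIXED)):
        print(name, audit(text, ZT_NET) or "ok")
```

To check a real server, pass the contents of `/etc/ssh/sshd_config` and your own ZeroTier range to `audit()`. sshd can only bind an address that already exists on the host, so the ZeroTier interface has to be up before sshd starts at boot.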
