Sshd reporting frequent connection attempts

The system logs show that there are frequent ssh connection attempts since a few months. Is there anything to be concerned about? And can anything be done to limit this?

eg.

Oct 14 11:53:40 [HOSTNAME] systemd[1]: Starting sshd.service - OpenSSH server daemon...
Oct 14 11:53:40 [HOSTNAME] sshd[1844]: Server listening on 0.0.0.0 port [SSHD_PORT].
Oct 14 11:53:40 [HOSTNAME] sshd[1844]: Server listening on :: port [SSHD_PORT].
Oct 14 11:53:40 [HOSTNAME] sshd[1844]: error: Bind to port [SSHD_PORT] on 0.0.0.0 failed: Address already in use.
Oct 14 11:53:40 [HOSTNAME] sshd[1844]: error: Bind to port [SSHD_PORT] on :: failed: Address already in use.
Oct 14 11:53:40 [HOSTNAME] systemd[1]: Started sshd.service - OpenSSH server daemon.
Oct 14 11:56:33 [HOSTNAME] sshd[9961]: Invalid user maven from 47.176.104.76 port 4413
Oct 14 11:56:33 [HOSTNAME] sshd[9961]: Received disconnect from 47.176.104.76 port 4413:11: Bye Bye [preauth]
Oct 14 11:56:33 [HOSTNAME] sshd[9961]: Disconnected from invalid user maven 47.176.104.76 port 4413 [preauth]
Oct 14 12:00:46 [HOSTNAME] sshd[13730]: Invalid user altibase from 152.179.67.70 port 4175
Oct 14 12:00:46 [HOSTNAME] sshd[13730]: Received disconnect from 152.179.67.70 port 4175:11: Bye Bye [preauth]
Oct 14 12:00:46 [HOSTNAME] sshd[13730]: Disconnected from invalid user altibase 152.179.67.70 port 4175 [preauth]
Oct 14 12:02:02 [HOSTNAME] sshd[14003]: Invalid user jboisson from 111.67.196.101 port 57020
Oct 14 12:02:02 [HOSTNAME] sshd[14003]: Received disconnect from 111.67.196.101 port 57020:11: Bye Bye [preauth]
Oct 14 12:02:02 [HOSTNAME] sshd[14003]: Disconnected from invalid user jboisson 111.67.196.101 port 57020 [preauth]
Oct 14 12:31:07 [HOSTNAME] sshd[21127]: Invalid user uno from 134.17.17.32 port 22528
Oct 14 12:31:07 [HOSTNAME] sshd[21127]: Received disconnect from 134.17.17.32 port 22528:11: Bye Bye [preauth]
Oct 14 12:31:07 [HOSTNAME] sshd[21127]: Disconnected from invalid user uno 134.17.17.32 port 22528 [preauth]
Oct 14 12:31:29 [HOSTNAME] sshd[21205]: Invalid user console from 161.35.59.177 port 52546
Oct 14 12:31:29 [HOSTNAME] sshd[21205]: Received disconnect from 161.35.59.177 port 52546:11: Bye Bye [preauth]
Oct 14 12:31:29 [HOSTNAME] sshd[21205]: Disconnected from invalid user console 161.35.59.177 port 52546 [preauth]
Oct 14 12:31:30 [HOSTNAME] sshd[21206]: Invalid user zemba from 5.188.67.76 port 36108
Oct 14 12:31:30 [HOSTNAME] sshd[21206]: Received disconnect from 5.188.67.76 port 36108:11: Bye Bye [preauth]
Oct 14 12:31:30 [HOSTNAME] sshd[21206]: Disconnected from invalid user zemba 5.188.67.76 port 36108 [preauth]
Oct 14 12:35:06 [HOSTNAME] sshd[22108]: Invalid user hfdw from 103.236.201.117 port 33040
Oct 14 12:35:06 [HOSTNAME] sshd[22108]: Received disconnect from 103.236.201.117 port 33040:11: Bye Bye [preauth]
Oct 14 12:35:06 [HOSTNAME] sshd[22108]: Disconnected from invalid user hfdw 103.236.201.117 port 33040 [preauth]
Oct 14 12:35:11 [HOSTNAME] sshd[22146]: Invalid user teamspeak from 185.74.4.17 port 40587
Oct 14 12:35:11 [HOSTNAME] sshd[22146]: Received disconnect from 185.74.4.17 port 40587:11: Bye Bye [preauth]
Oct 14 12:35:11 [HOSTNAME] sshd[22146]: Disconnected from invalid user teamspeak 185.74.4.17 port 40587 [preauth]
Oct 14 13:22:06 [HOSTNAME] sshd[31532]: Invalid user cgz from 159.223.144.238 port 33616
Oct 14 13:22:06 [HOSTNAME] sshd[31532]: Received disconnect from 159.223.144.238 port 33616:11: Bye Bye [preauth]
Oct 14 13:22:06 [HOSTNAME] sshd[31532]: Disconnected from invalid user cgz 159.223.144.238 port 33616 [preauth]
Oct 14 13:27:59 [HOSTNAME] sshd[32489]: Invalid user redmine from 1.232.29.21 port 48432
Oct 14 13:27:59 [HOSTNAME] sshd[32489]: Received disconnect from 1.232.29.21 port 48432:11: Bye Bye [preauth]
Oct 14 13:27:59 [HOSTNAME] sshd[32489]: Disconnected from invalid user redmine 1.232.29.21 port 48432 [preauth]
Oct 14 15:21:46 [HOSTNAME] sshd[52126]: Invalid user user from 77.52.12.151 port 48854
Oct 14 15:21:46 [HOSTNAME] sshd[52126]: Received disconnect from 77.52.12.151 port 48854:11: Bye Bye [preauth]
Oct 14 15:21:46 [HOSTNAME] sshd[52126]: Disconnected from invalid user user 77.52.12.151 port 48854 [preauth]
Oct 14 15:29:16 [HOSTNAME] sshd[53648]: Invalid user mysqlbackup from 218.49.184.67 port 45742
Oct 14 15:29:17 [HOSTNAME] sshd[53648]: Received disconnect from 218.49.184.67 port 45742:11: Bye Bye [preauth]
Oct 14 15:29:17 [HOSTNAME] sshd[53648]: Disconnected from invalid user mysqlbackup 218.49.184.67 port 45742 [preauth]
Oct 14 15:29:43 [HOSTNAME] sshd[53847]: Invalid user hong from 118.99.93.208 port 52645
Oct 14 15:29:44 [HOSTNAME] sshd[53847]: Received disconnect from 118.99.93.208 port 52645:11: Bye Bye [preauth]
Oct 14 15:29:44 [HOSTNAME] sshd[53847]: Disconnected from invalid user hong 118.99.93.208 port 52645 [preauth]
Oct 14 15:30:48 [HOSTNAME] sshd[54091]: Invalid user squid from 52.142.11.171 port 1024
Oct 14 15:30:48 [HOSTNAME] sshd[54091]: Received disconnect from 52.142.11.171 port 1024:11: Bye Bye [preauth]
Oct 14 15:30:48 [HOSTNAME] sshd[54091]: Disconnected from invalid user squid 52.142.11.171 port 1024 [preauth]
Oct 14 15:40:43 [HOSTNAME] sshd[55748]: Invalid user demom5147 from 139.59.121.188 port 54242
Oct 14 15:40:43 [HOSTNAME] sshd[55748]: Received disconnect from 139.59.121.188 port 54242:11: Bye Bye [preauth]
Oct 14 15:40:43 [HOSTNAME] sshd[55748]: Disconnected from invalid user demom5147 139.59.121.188 port 54242 [preauth]
Oct 14 16:00:01 [HOSTNAME] sshd[59092]: Invalid user admin from 110.136.161.11 port 54004
Oct 14 16:00:02 [HOSTNAME] sshd[59092]: Received disconnect from 110.136.161.11 port 54004:11: Bye Bye [preauth]
Oct 14 16:00:02 [HOSTNAME] sshd[59092]: Disconnected from invalid user admin 110.136.161.11 port 54004 [preauth]
Oct 14 16:17:57 [HOSTNAME] sshd[62515]: Invalid user ts3server from 51.250.90.116 port 37986
Oct 14 16:17:58 [HOSTNAME] sshd[62515]: Received disconnect from 51.250.90.116 port 37986:11: Bye Bye [preauth]
Oct 14 16:17:58 [HOSTNAME] sshd[62515]: Disconnected from invalid user ts3server 51.250.90.116 port 37986 [preauth]
Oct 14 16:20:09 [HOSTNAME] sshd[62912]: Invalid user saned from 94.200.206.6 port 60986
Oct 14 16:20:09 [HOSTNAME] sshd[62912]: Received disconnect from 94.200.206.6 port 60986:11: Bye Bye [preauth]
Oct 14 16:20:09 [HOSTNAME] sshd[62912]: Disconnected from invalid user saned 94.200.206.6 port 60986 [preauth]
Oct 14 16:21:55 [HOSTNAME] sshd[63206]: Invalid user maven from 159.65.9.236 port 39144
Oct 14 16:21:55 [HOSTNAME] sshd[63206]: Received disconnect from 159.65.9.236 port 39144:11: Bye Bye [preauth]
Oct 14 16:21:55 [HOSTNAME] sshd[63206]: Disconnected from invalid user maven 159.65.9.236 port 39144 [preauth]
Oct 14 16:22:10 [HOSTNAME] sshd[63244]: Invalid user sftp from 128.199.18.102 port 54314
Oct 14 16:22:10 [HOSTNAME] sshd[63244]: Received disconnect from 128.199.18.102 port 54314:11: Bye Bye [preauth]
Oct 14 16:22:10 [HOSTNAME] sshd[63244]: Disconnected from invalid user sftp 128.199.18.102 port 54314 [preauth]
Oct 14 16:22:25 [HOSTNAME] sshd[63278]: Invalid user admin from 216.172.165.97 port 58212
Oct 14 16:22:25 [HOSTNAME] sshd[63278]: Received disconnect from 216.172.165.97 port 58212:11: Bye Bye [preauth]
Oct 14 16:22:25 [HOSTNAME] sshd[63278]: Disconnected from invalid user admin 216.172.165.97 port 58212 [preauth]
Oct 14 16:23:02 [HOSTNAME] sshd[63380]: Invalid user csgo from 167.172.112.115 port 58796
Oct 14 16:23:02 [HOSTNAME] sshd[63380]: Received disconnect from 167.172.112.115 port 58796:11: Bye Bye [preauth]
Oct 14 16:23:02 [HOSTNAME] sshd[63380]: Disconnected from invalid user csgo 167.172.112.115 port 58796 [preauth]
Oct 14 16:27:41 [HOSTNAME] sshd[64352]: Invalid user shop from 201.163.1.66 port 34584
Oct 14 16:27:41 [HOSTNAME] sshd[64352]: Received disconnect from 201.163.1.66 port 34584:11: Bye Bye [preauth]
Oct 14 16:27:41 [HOSTNAME] sshd[64352]: Disconnected from invalid user shop 201.163.1.66 port 34584 [preauth]
Oct 14 16:27:52 [HOSTNAME] sshd[64367]: Invalid user wcsd from 104.248.181.156 port 45406
Oct 14 16:27:53 [HOSTNAME] sshd[64367]: Received disconnect from 104.248.181.156 port 45406:11: Bye Bye [preauth]
Oct 14 16:27:53 [HOSTNAME] sshd[64367]: Disconnected from invalid user wcsd 104.248.181.156 port 45406 [preauth]
Oct 14 16:27:55 [HOSTNAME] sshd[64382]: Invalid user rsync from 95.71.89.229 port 49903
Oct 14 16:27:56 [HOSTNAME] sshd[64382]: Received disconnect from 95.71.89.229 port 49903:11: Bye Bye [preauth]
Oct 14 16:27:56 [HOSTNAME] sshd[64382]: Disconnected from invalid user rsync 95.71.89.229 port 49903 [preauth]
Oct 14 16:31:03 [HOSTNAME] sshd[64888]: Invalid user user from 165.22.216.121 port 59834
Oct 14 16:31:04 [HOSTNAME] sshd[64888]: Received disconnect from 165.22.216.121 port 59834:11: Bye Bye [preauth]
Oct 14 16:31:04 [HOSTNAME] sshd[64888]: Disconnected from invalid user user 165.22.216.121 port 59834 [preauth]
Oct 14 17:26:14 [HOSTNAME] sshd[74941]: Invalid user ftpsvr from 190.89.12.2 port 43464
Oct 14 17:26:14 [HOSTNAME] sshd[74941]: Received disconnect from 190.89.12.2 port 43464:11: Bye Bye [preauth]
Oct 14 17:26:14 [HOSTNAME] sshd[74941]: Disconnected from invalid user ftpsvr 190.89.12.2 port 43464 [preauth]
Oct 14 17:29:34 [HOSTNAME] sshd[75696]: Invalid user gabor from 149.56.102.60 port 56124
Oct 14 17:29:34 [HOSTNAME] sshd[75696]: Received disconnect from 149.56.102.60 port 56124:11: Bye Bye [preauth]
Oct 14 17:29:34 [HOSTNAME] sshd[75696]: Disconnected from invalid user gabor 149.56.102.60 port 56124 [preauth]
Oct 14 17:30:24 [HOSTNAME] sshd[75826]: Invalid user drricardokacowicz from 129.126.119.71 port 60506
Oct 14 17:30:24 [HOSTNAME] sshd[75826]: Received disconnect from 129.126.119.71 port 60506:11: Bye Bye [preauth]
Oct 14 17:30:24 [HOSTNAME] sshd[75826]: Disconnected from invalid user drricardokacowicz 129.126.119.71 port 60506 [preauth]
Oct 14 17:40:43 [HOSTNAME] sshd[77731]: Invalid user hfxw from 180.69.254.177 port 46160
Oct 14 17:40:43 [HOSTNAME] sshd[77731]: Received disconnect from 180.69.254.177 port 46160:11: Bye Bye [preauth]
Oct 14 17:40:43 [HOSTNAME] sshd[77731]: Disconnected from invalid user hfxw 180.69.254.177 port 46160 [preauth]
Oct 14 17:44:41 [HOSTNAME] sshd[78315]: Invalid user guest from 42.119.111.155 port 57972
Oct 14 17:44:41 [HOSTNAME] sshd[78315]: Received disconnect from 42.119.111.155 port 57972:11: Bye Bye [preauth]
Oct 14 17:44:41 [HOSTNAME] sshd[78315]: Disconnected from invalid user guest 42.119.111.155 port 57972 [preauth]
Oct 14 17:46:25 [HOSTNAME] sshd[78616]: User tcpdump from 209.14.70.223 not allowed because not listed in AllowUsers
Oct 14 17:46:25 [HOSTNAME] sshd[78616]: Received disconnect from 209.14.70.223 port 52770:11: Bye Bye [preauth]
Oct 14 17:46:25 [HOSTNAME] sshd[78616]: Disconnected from invalid user tcpdump 209.14.70.223 port 52770 [preauth]
Oct 14 18:04:07 [HOSTNAME] sshd[81613]: Invalid user ladi from 161.18.228.75 port 45294
Oct 14 18:04:08 [HOSTNAME] sshd[81613]: Received disconnect from 161.18.228.75 port 45294:11: Bye Bye [preauth]
Oct 14 18:04:08 [HOSTNAME] sshd[81613]: Disconnected from invalid user ladi 161.18.228.75 port 45294 [preauth]
Oct 14 18:04:40 [HOSTNAME] sshd[81682]: Invalid user maven from 46.101.74.205 port 57308
Oct 14 18:04:40 [HOSTNAME] sshd[81682]: Received disconnect from 46.101.74.205 port 57308:11: Bye Bye [preauth]
Oct 14 18:04:40 [HOSTNAME] sshd[81682]: Disconnected from invalid user maven 46.101.74.205 port 57308 [preauth]
Oct 14 18:06:03 [HOSTNAME] sshd[81934]: Invalid user hadoop from 103.242.199.203 port 54536
Oct 14 18:06:03 [HOSTNAME] sshd[81934]: Received disconnect from 103.242.199.203 port 54536:11: Bye Bye [preauth]
Oct 14 18:06:03 [HOSTNAME] sshd[81934]: Disconnected from invalid user hadoop 103.242.199.203 port 54536 [preauth]
Oct 14 18:06:16 [HOSTNAME] sshd[81966]: Invalid user shop from 188.166.58.179 port 58876
Oct 14 18:06:16 [HOSTNAME] sshd[81966]: Received disconnect from 188.166.58.179 port 58876:11: Bye Bye [preauth]
Oct 14 18:06:16 [HOSTNAME] sshd[81966]: Disconnected from invalid user shop 188.166.58.179 port 58876 [preauth]
Oct 14 18:07:30 [HOSTNAME] sshd[82216]: Invalid user mayeh from 197.5.145.87 port 6263
Oct 14 18:07:30 [HOSTNAME] sshd[82216]: Received disconnect from 197.5.145.87 port 6263:11: Bye Bye [preauth]
Oct 14 18:07:30 [HOSTNAME] sshd[82216]: Disconnected from invalid user mayeh 197.5.145.87 port 6263 [preauth]
Oct 14 18:07:37 [HOSTNAME] sshd[82236]: Invalid user matsu from 186.211.105.178 port 35730
Oct 14 18:07:37 [HOSTNAME] sshd[82236]: Received disconnect from 186.211.105.178 port 35730:11: Bye Bye [preauth]
Oct 14 18:07:37 [HOSTNAME] sshd[82236]: Disconnected from invalid user matsu 186.211.105.178 port 35730 [preauth]
Oct 14 18:28:28 [HOSTNAME] sshd[85636]: Invalid user hip from 187.189.175.4 port 54772
Oct 14 18:28:28 [HOSTNAME] sshd[85636]: Received disconnect from 187.189.175.4 port 54772:11: Bye Bye [preauth]
Oct 14 18:28:28 [HOSTNAME] sshd[85636]: Disconnected from invalid user hip 187.189.175.4 port 54772 [preauth]
Oct 14 18:33:23 [HOSTNAME] sshd[86470]: Invalid user ts from 138.68.148.157 port 34232
Oct 14 18:33:23 [HOSTNAME] sshd[86470]: Received disconnect from 138.68.148.157 port 34232:11: Bye Bye [preauth]
Oct 14 18:33:23 [HOSTNAME] sshd[86470]: Disconnected from invalid user ts 138.68.148.157 port 34232 [preauth]

I have sshd configured to use a custom port (yay, security by obscurity not working!) which is forwarded by the router, allow only my user, no root login, no password login, public key authentication only.

Previously on every fedora upgrade I would have to reconfigure these settings which would get reset to defaults, and my config saved to an .rpmsave file, but the past 1-2 upgrades (currently on f36) I haven’t had to reconfigure for some reason.

I have noticed 3 config files: /etc/ssh/sshd_config, /etc/ssh/sshd_config.d/05-redhat.conf, and /etc/ssh/sshd_config.d/50-redhat.conf. They overlap some of the settings, and to my knowledge they consecutively apply settings, with higher numbered ones coming later and thus taking precedence, yes?

sshd_config
#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# To modify the system-wide sshd configuration, create a  *.conf  file under
#  /etc/ssh/sshd_config.d/  which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
Port [SSHD_PORT]
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#KbdInteractiveAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
05-redhat.conf
# This system is following system-wide crypto policy. The changes to
# crypto properties (Ciphers, MACs, ...) will not have any effect here.
# They will be overridden by command-line options passed to the server
# on command line.
# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).

Port [SSHD_PORT]

SyslogFacility AUTHPRIV

PermitRootLogin no

PasswordAuthentication no
KbdInteractiveAuthentication no

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

GSSAPIAuthentication yes
GSSAPICleanupCredentials no

UsePAM yes

X11Forwarding yes

# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

50-redhat.conf
# This system is following system-wide crypto policy. The changes to
# crypto properties (Ciphers, MACs, ...) will not have any effect in
# this or following included files. To override some configuration option,
# write it before this block or include it before this file.
# Please, see manual pages for update-crypto-policies(8) and sshd_config(5).
Include /etc/crypto-policies/back-ends/opensshserver.config

SyslogFacility AUTHPRIV

AllowUsers [USER]
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no

GSSAPIAuthentication yes
GSSAPICleanupCredentials no

UsePAM yes

X11Forwarding yes

# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS


Improvement suggestions are welcome. Though the first order of business is, are those connection attempts indicative of a problem?

I’d remove one of the redhat.conf files (probably both even). When you update the system it shouldn’t overwrite your config file either. As for some security I’d recommend installing the sshguard package. Out of the box it doesn’t require any additional configuration but you can customize it how you like. It will log the attempts and create firewall rules to reject additional attempts.

Interesting, I didn’t know about sshguard. The last release seems to be from 2018. Is it still maintained?

I thought the config files got split a few fedora/systemd releases ago, from a single file into a bunch of files in the .d/ subdirectory. Pretty sure I didn’t make the redhat file myself, although it’s possible one of them is the result of me saving an old config under a new name to prevent it from getting overwritten.

Do the connection attempts seem like a problem?

50-redhat.conf is provided by openssh-server so don’t remove that one… The other file probably came from an older Fedora release.

Another thing of note.
After reading /etc/ssh/sshd_config it is easy to see that the .conf files in /etc/ssh/sshd_config.d are read first so the settings in /etc/ssh/sshd_config are processed last and would over-ride the settings from the other files. It also displays all (almost all?) the defaults so it is easy to tell what the default settings are and to make changes from that point.

Hmm, true. I wonder why the .conf files are imported at the beginning instead of the end of the file.

I think I kept that file at the defaults and made changes in the .conf file(s) as mentioned in the comments at the top. That works since nearly all entries in /etc/ssh/sshd_config are commented out and just show default values.

If openssh package updates change that default config file it shouldn’t affect my settings, as long as they don’t uncomment options.

As for the connection attempts, I suppose that isn’t anything to worry about?

According tp the manual, man sshd_config

SSHD_CONFIG(5)          BSD File Formats Manual          SSHD_CONFIG(5)

NAME
     sshd_config — OpenSSH daemon configuration file

DESCRIPTION
     sshd(8) reads configuration data from /etc/ssh/sshd_config (or the
     file specified with -f on the command line).  The file contains
     keyword-argument pairs, one per line.  For each keyword, the first
     obtained value will be used.  Lines starting with ‘#’ and empty
     lines are interpreted as comments.  Arguments may optionally be
     enclosed in double quotes (") in order to represent arguments con‐
     taining spaces.

The first occurrence of a keywoard will be used and later occurremces are not used.

You can create a new file in the /etc/ssh/sshd_config.d directory whre you specify all your local custpmizations. If you name the file 00local-conf.conf you can override any keyword. Also, system upgrades will not touch that file.