You opened up ssh to the internet?
Are you from Finland and Oy Crea Nova Hosting Solution Ltd is your ISP?
Nope, as said i only connect to my NAS locally or via Wireguard container that's hosted on OMV itself. I'm not in Finland.
EDIT: Also checked latest handshakes for my Wireguard peers and there is nothing wrong there. So i actually have no clue how/why i'm receiving attempts on my ssh port that's not exposed to the internet
From the Fail2Ban logs i still see attempts now:
2022-02-13 15:37:59,242 fail2ban.filter [19528]: INFO [ssh] Found 185.204.1.184 - 2022-02-13 15:37:59
2022-02-13 15:37:59,542 fail2ban.actions [19528]: WARNING [ssh] 185.204.1.184 already banned
2022-02-13 15:57:01,552 fail2ban.filter [19528]: INFO [ssh] Found 185.204.1.184 - 2022-02-13 15:57:01
2022-02-13 15:57:01,553 fail2ban.filter [19528]: INFO [ssh] Found 185.204.1.184 - 2022-02-13 15:57:01
2022-02-13 15:57:04,160 fail2ban.filter [19528]: INFO [ssh] Found 185.204.1.184 - 2022-02-13 15:57:03
2022-02-13 15:57:04,462 fail2ban.actions [19528]: WARNING [ssh] 185.204.1.184 already banned
2022-02-13 16:10:40,745 fail2ban.filter [19528]: INFO [ssh] Found 185.204.1.184 - 2022-02-13 16:10:40
2022-02-13 16:10:40,746 fail2ban.filter [19528]: INFO [ssh] Found 185.204.1.184 - 2022-02-13 16:10:40
2022-02-13 16:10:42,750 fail2ban.filter [19528]: INFO [ssh] Found 185.204.1.184 - 2022-02-13 16:10:42
2022-02-13 16:10:43,532 fail2ban.actions [19528]: WARNING [ssh] 185.204.1.184 already banned
Also found this:
https://www.abuseipdb.com/check/185.204.1.184
https://www.abuseipdb.com/check/185.212.149.206
I can actually ping both the ips i mentioned in my first post.
I mean, i would expect to find someone trying to force my ssh, but it's not public... how possible? I'm ignoring somehow how fail2ban works?