First of all, SSH access should be blocked - I am wondering since years why the hell people left SSH port open to the word? Seriously smallest VPC+openvpn cost $5 monthly…
_
Zbyszek Żółkiewski
> Wiadomość napisana przez Peter Hessler <phessler@theapt.org> w dniu 30.10.2017, o godz. 10:35:
>
> On 2017 Oct 30 (Mon) at 11:06:02 +0200 (+0200), Gregory Edigarov wrote:
> :On 29.10.17 03:20, x9p wrote:
> :>
> :> Coming from the Linux world, I wonder if there is a better alternative to
> :> fail2ban, already being used in OpenBSD servers by the majority.
> :>
> :I suggest you NEVER use such "solutions". It's security by obscurity model,
> :and therefore a bad very very bad thing.
>
> On the contrary, it is a great way to identify bad actors. IMHO,
> someone trying to bruteforce passwords deserves to be blocked at the
> network level.
>
>
> :You'd be much safer completely turning off password authentication, using
> :keys instead.
> :
>
> Who says password auth is enabled in the first place?
>
>
> --
> Q: Why do ducks have flat feet?
> A: To stamp out forest fires.
>
> Q: Why do elephants have flat feet?
> A: To stamp out flaming ducks.
>
No comments:
Post a Comment