On 2017 Oct 30 (Mon) at 11:06:02 +0200 (+0200), Gregory Edigarov wrote:
:On 29.10.17 03:20, x9p wrote:
:>
:> Coming from the Linux world, I wonder if there is a better alternative to
:> fail2ban, already being used in OpenBSD servers by the majority.
:>
:I suggest you NEVER use such "solutions". It's security by obscurity model,
:and therefore a bad very very bad thing.
On the contrary, it is a great way to identify bad actors. IMHO,
someone trying to bruteforce passwords deserves to be blocked at the
network level.
:You'd be much safer completely turning off password authentication, using
:keys instead.
:
Who says password auth is enabled in the first place?
--
Q: Why do ducks have flat feet?
A: To stamp out forest fires.
Q: Why do elephants have flat feet?
A: To stamp out flaming ducks.
No comments:
Post a Comment