On Mon, 30 Oct 2017, Gregory Edigarov <ediga...@qarea.com> wrote:
> On 29.10.17 03:20, x9p wrote:
>>
>> Coming from the Linux world, I wonder if there is a better alternative
>> to fail2ban, already being used in OpenBSD servers by the majority.
>>
> I suggest you NEVER use such "solutions". It's security by obscurity
> model, and therefore a bad very very bad thing.
> You'd be much safer completely turning off password authentication,
> using keys instead.

Throttling brute-force attack attempts is usually Good. Passwords are one thing to try forcing, but there may be other undiscovered (or unpatched) vulns, like the Debian key fiasco or such.

Of course, if it actually made sense, OpenBSD would probably ship it as a default ;)

<3,K.