On 2017 Oct 30 (Mon) at 11:06:02 +0200 (+0200), Gregory Edigarov wrote: :On 29.10.17 03:20, x9p wrote: :> :> Coming from the Linux world, I wonder if there is a better alternative to :> fail2ban, already being used in OpenBSD servers by the majority. :> :I suggest you NEVER use such "solutions". It's security by obscurity model, :and therefore a bad very very bad thing.
On the contrary, it is a great way to identify bad actors. IMHO, someone trying to bruteforce passwords deserves to be blocked at the network level. :You'd be much safer completely turning off password authentication, using :keys instead. : Who says password auth is enabled in the first place? -- Q: Why do ducks have flat feet? A: To stamp out forest fires. Q: Why do elephants have flat feet? A: To stamp out flaming ducks.
