First of all, SSH access should be blocked - I have been wondering for years why the
hell people leave the SSH port open to the world? Seriously, the smallest VPC+openvpn
costs $5 monthly…

_
Zbyszek Żółkiewski

> Message written by Peter Hessler <phess...@theapt.org> on 
> 30.10.2017, at 10:35:
> 
> On 2017 Oct 30 (Mon) at 11:06:02 +0200 (+0200), Gregory Edigarov wrote:
> :On 29.10.17 03:20, x9p wrote:
> :> 
> :> Coming from the Linux world, I wonder if there is a better alternative to
> :> fail2ban, already being used in OpenBSD servers by the majority.
> :> 
> :I suggest you NEVER use such "solutions". It's a security by obscurity model,
> :and therefore a bad, very very bad thing.
> 
> On the contrary, it is a great way to identify bad actors.  IMHO,
> someone trying to bruteforce passwords deserves to be blocked at the
> network level.
> 
> 
> :You'd be much safer completely turning off password authentication, using
> :keys instead.
> :
> 
> Who says password auth is enabled in the first place?
> 
> 
> -- 
> Q:  Why do ducks have flat feet?
> A:  To stamp out forest fires.
> 
> Q:  Why do elephants have flat feet?
> A:  To stamp out flaming ducks.
> 
