On 2014-11-18 18:38, Kevin de Bie wrote: > > Fail2Ban works really well. Shifting to a non standard port only stops > the scriptkids from having too much automated options and does not do > anything for actual security. For this reason I personally never > bothered with that. Non standard username and password auth with > fail2ban makes brute forcing practically impossible, this is usually how > I have things configured.
Just changing it to key-based authentication stops ALL password-guessing attacks. You will then be left with the logs though. Hence lets make a little list for clarity in order of "should at least do": - Use SSH Authentication - Disable Password Authentication - Use Fail2ban - Restrict on IP address (no need for fail2ban then) Greets, Jeroen _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
