You could also just want on the spot access to your box without needing some key. I personally believe a proper un/pw combination used in conjunction with fail2ban is sufficiently secure for pretty much anything that is not a high risk target.
On Tue 18 Nov 2014 at 19:10, Dan Rogers <d...@holdingitwrong.com> wrote:

> IMO there could occasionally be reasons not to use key logins (although I
> do normally disable pwd login). E.g. if I have a key, I then have evidence
> somewhere (USB/HD), whereas a secure password can be kept only in my head
> (until they waterboard me). Especially in countries (e.g. the UK) that can
> force you to hand over encryption keys. I'd rather have an insecure Tor
> node than get arrested (although tbh with fail2ban installed I don't think
> pwd bruteforcing is a threat).
>
> On 18/11/14 17:46, Jeroen Massar wrote:
>
> > On 2014-11-18 18:38, Kevin de Bie wrote:
> >
> > > Fail2Ban works really well. Shifting to a non standard port only stops
> > > the scriptkids from having too many automated options and does not do
> > > anything for actual security. For this reason I personally never
> > > bothered with that. Non standard username and password auth with
> > > fail2ban makes brute forcing practically impossible, this is usually how
> > > I have things configured.
> >
> > Just changing it to key-based authentication stops ALL password-guessing
> > attacks.
> >
> > You will then be left with the logs though.
> >
> > Hence let's make a little list for clarity in order of "should at least do":
> >
> > - Use SSH Authentication
> > - Disable Password Authentication
> > - Use Fail2ban
> > - Restrict on IP address (no need for fail2ban then)
> >
> > Greets,
> > Jeroen
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays@lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
> --
> Dan Rogers
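The checklist quoted in this thread (key authentication on, password authentication off, access restricted by IP address) can be checked against an `sshd_config`; the following is an added example, not part of the original messages. The function names and both sample configs are constructed for illustration, only the global section before any `Match` block is read, and fail2ban is not covered because it is configured outside `sshd_config`.

```python
import re

# Defaults from sshd_config(5) when a keyword is absent.
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes"}

def effective_global(config_text):
    """Return (settings, allow_users) for the global section only.

    sshd keeps the first value it reads for a keyword, so later duplicates
    are ignored; AllowUsers lines accumulate. Stops at the first Match block.
    """
    settings, allow_users = {}, []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = re.sub(r"[\s=]+", " ", line, count=1).partition(" ")
        key = key.lower()
        if key == "match":
            break
        if key == "allowusers":
            allow_users += value.split()
        else:
            settings.setdefault(key, value.strip().lower())
    return settings, allow_users

def audit(config_text):
    """Map each checklist item to True (met) or False (not met)."""
    settings, allow_users = effective_global(config_text)
    get = lambda k: settings.get(k, DEFAULTS[k])
    return {
        "key_auth_enabled": get("pubkeyauthentication") == "yes",
        "password_auth_disabled": get("passwordauthentication") == "no",
        # Every AllowUsers pattern needs a real host part (user@host).
        "restricted_by_source": bool(allow_users) and all(
            p.partition("@")[2] not in ("", "*") for p in allow_users),
    }

# Constructed sample configs (192.0.2.0/24 is a documentation range).
HARDENED = """PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers admin@192.0.2.10
AllowUsers backup@192.0.2.0/24
"""
# The later "no" is dead: the first PasswordAuthentication line wins.
SHADOWED = "PasswordAuthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    for name, text in (("HARDENED", HARDENED), ("SHADOWED", SHADOWED)):
        print(name, audit(text))
```

On a live host, `sshd -T` prints the effective configuration after includes and defaults are resolved, and its output can be passed to `audit()` in place of the raw file.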