[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] List of Relays' Available SSH Auth Methods



On 2014-11-18 18:38, Kevin de Bie wrote:
> 
> Fail2Ban works really well. Shifting to a non standard port only stops
> the scriptkids from having too much automated options and does not do
> anything for actual security. For this reason I personally never
> bothered with that. Non standard username and password auth with
> fail2ban makes brute forcing practically impossible, this is usually how
> I have things configured. 

Just changing it to key-based authentication stops ALL password-guessing
attacks.

You will then be left with the logs though.


Hence lets make a little list for clarity in order of "should at least do":

- Use SSH Authentication
- Disable Password Authentication
- Use Fail2ban
- Restrict on IP address (no need for fail2ban then)

Greets,
 Jeroen

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays