[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] List of Relays' Available SSH Auth Methods

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] List of Relays' Available SSH Auth Methods
From: Kevin de Bie <kevindebie@xxxxxxxxx>
Date: Tue, 18 Nov 2014 17:38:37 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 18 Nov 2014 12:38:54 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:from:date:message-id:subject:to :content-type; bh=kNJ0RS+L3awXZhXcasQWsjQkak+xezKKhiy7m53nTJM=; b=Gooe9OFOOpHhxvqBwVFjaT2EcG4014XcDMBLHGT3hnNvUk5ZYUcR2MxB2Y232lNfni 7YSjzU/F9nuNPLSxzArEh0+rb8jBfmi3Gj1wk4NuaOEOhkqbhFctEiMTGNtY2yqvTb9q EAZsqtoKqyTiZf+oqz1gdny46ZuvO6pFE4vBqkMrWUSuxQNKGc7dgKc4KjqgVaGxuyDB QNRGleFyWR6+g4aar5wmGqtCYnAMbB2mHWowO2sP2oeS8fbt7zKMtje9n+vKxI/z5Lav ti701qVdOUGrxHReJvk606wEnR/Zqt0jZjJi2ItSqprUCStK5f4dhpDx5hm8iS/WGtI7 TFtg==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <546B6131.5060103@xxxxxxxxxxx> <546B6597.7050909@xxxxxxxxx> <546B70B2.7020805@xxxxxx> <CAKCAbMi6w8P_f6VT01B25NVcJUtt5G_na9tF4iNd8FBrMFW+Yw@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Fail2Ban works really well. Shifting to a non standard port only stops the scriptkids from having too much automated options and does not do anything for actual security. For this reason I personally never bothered with that. Non standard username and password auth with fail2ban makes brute forcing practically impossible, this is usually how I have things configured.Â

Op 17:46 di 18 nov. 2014 schreefÂZack Weinberg <zackw@xxxxxxx>:

On Tue, Nov 18, 2014 at 11:15 AM, Toralf FÃrster <toralf.foerster@xxxxxx> wrote:
> On 11/18/2014 04:28 PM, Jeroen Massar wrote:
>> People should realize though that it is not 'safer' in any way running
>> SSH on another port.
>
> But it is (slightly) more expensive - which counts, or ?

In my limited experience, moving SSH to another port made no apparent
difference to the number of random attempts to break in.Â I'd
recommend fail2ban or equivalent instead.

zw
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxorg
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Jeroen Massar
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Libertas

References:
- [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Libertas
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Jeroen Massar
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Toralf FÃrster
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Zack Weinberg

Prev by Author: [tor-relays] Graph not updating.
Next by Author: Re: [tor-relays] List of Relays' Available SSH Auth Methods
Previous by thread: Re: [tor-relays] List of Relays' Available SSH Auth Methods
Next by thread: Re: [tor-relays] List of Relays' Available SSH Auth Methods
Index(es):
- Author
- Thread