[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] List of Relays' Available SSH Auth Methods

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] List of Relays' Available SSH Auth Methods
From: Jeroen Massar <jeroen@xxxxxxxxx>
Date: Tue, 18 Nov 2014 18:46:52 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 18 Nov 2014 12:47:40 -0500
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=massar.ch; s=DKIM2009; t=1416332814; bh=uxyruqy4va5/pGLhdi7o4PEfdU7jA8Vh+pqG7NTOX7g=; h=Date:From:To:Subject:References:In-Reply-To; b=cICqkOA/P42lAFt4HLyFdlxTiCRIkFKa6IXMrsU4ss6hpIZpJj4ehHW9BaGDeffvP pc0X75zvwVLjNDJpr+U/aor5JzTFT9Km6u9y9I/Th8XSCjxe474OY/iR605A9lYLIG vx/AFDUjJe6j7d2sqgEBvyGYXogKOdjYof143NSQuJyFpyJMWO59+9eJy3Zrm7PK+a yfwrDUQvFeC63YKhcKk6qhxRqICz5lM8v6nANwFg4pOqobRhd0tNeIPfdQnqmUrEFM qS3RAR4kEVM4twVGq/2Au5NJM4dDro0x91YnXtozqZqIn7HIlvPHoOOcLQOdPDBlnd cdZQUhn4gq/cQ==
In-reply-to: <CAN_4gGzb5TaVykYJULe=QdK6sZRULMA9azBSjLTKLXVbC7LzaQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Organization: Massar
References: <546B6131.5060103@xxxxxxxxxxx> <546B6597.7050909@xxxxxxxxx> <546B70B2.7020805@xxxxxx> <CAKCAbMi6w8P_f6VT01B25NVcJUtt5G_na9tF4iNd8FBrMFW+Yw@xxxxxxxxxxxxxx> <CAN_4gGzb5TaVykYJULe=QdK6sZRULMA9azBSjLTKLXVbC7LzaQ@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On 2014-11-18 18:38, Kevin de Bie wrote:
> 
> Fail2Ban works really well. Shifting to a non standard port only stops
> the scriptkids from having too much automated options and does not do
> anything for actual security. For this reason I personally never
> bothered with that. Non standard username and password auth with
> fail2ban makes brute forcing practically impossible, this is usually how
> I have things configured. 

Just changing it to key-based authentication stops ALL password-guessing
attacks.

You will then be left with the logs though.


Hence lets make a little list for clarity in order of "should at least do":

- Use SSH Authentication
- Disable Password Authentication
- Use Fail2ban
- Restrict on IP address (no need for fail2ban then)

Greets,
 Jeroen

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Dan Rogers
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Tschador

References:
- [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Libertas
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Jeroen Massar
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Toralf FÃrster
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Zack Weinberg
- Re: [tor-relays] List of Relays' Available SSH Auth Methods
  - From: Kevin de Bie

Prev by Author: Re: [tor-relays] List of Relays' Available SSH Auth Methods
Next by Author: Re: [tor-relays] Bwauths Measures question, friends.
Previous by thread: Re: [tor-relays] List of Relays' Available SSH Auth Methods
Next by thread: Re: [tor-relays] List of Relays' Available SSH Auth Methods
Index(es):
- Author
- Thread