On 2014-11-18 18:46, Jeroen Massar wrote: > Hence lets make a little list for clarity in order of "should at least do": > > - Use SSH Authentication > - Disable Password Authentication > - Use Fail2ban > - Restrict on IP address (no need for fail2ban then) Additionally - with ssh over hidden services: HiddenServiceDir /var/lib/tor/hidden_ssh/ HiddenServicePort 22 127.0.0.1:22 there is no need to open any ssh-port. Works very well for my relay 'TorMachine'. No trouble with brute force attacks, huge logfiles and so on.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays