fail2ban VS. denyhost
techlists at phpcoderusa.com
techlists at phpcoderusa.com
Wed Oct 15 11:14:30 MST 2014
If you always connect via the same remote IP you can block all IP's
except that one using IPTables, and you can take it right down to the
port.
On 2014-10-15 13:02, Ed wrote:
> Stephen,
>
> The typical security/access measure is to move the SSH port to a
> random high port number, not the standard 22. Your ISP or the ISP your
> laptop is connected to may block standard ports, but not likely a high
> port number or port 443*. The obscurity of non-standard ports will
> force a scanner to trip your fail2ban/denyhosts service, but isn't
> really a security feature itself anymore. So, port knocking is also a
> good thing to do.
>
> Also, don't use passwords - only certificates - and keep an eye out
> for adding 2 factor authentication to your new server as that is on
> the horizon for most everyone.
>
> *http://ubuntu-tutorials.com/2013/11/27/tunnel-ssh-over-ssl/
>
> On Wed, Oct 15, 2014 at 10:13 AM, Mike Ballon <mike.ballon at gmail.com>
> wrote:
>> I hear ya knocking...
>>
>> https://www.digitalocean.com/community/tutorials/how-to-use-port-knocking-to-hide-your-ssh-daemon-from-attackers-on-ubuntu
>>
>>
>> On Wed, Oct 15, 2014 at 1:10 PM, Stephen M <smelheim85 at gmail.com>
>> wrote:
>>>
>>> I am trying to learn about ssh and remoting into a computer from out
>>> of my
>>> house. I have all the ability to do this but I want to make sure my
>>> desktop
>>> is secured. I will basically be either using resources on my desktop
>>> or
>>> backing up files to my laptop.
>>>
>>> From what I have read. denyhosts and fail2ban are the same, the only
>>> difference is fail2ban requires more maintenance and has more
>>> options. If I
>>> am just trying to turn my desktop into a file server whats the best
>>> option
>>> here?
>>>
>>> --
>>> Stephen Melheim
>>> 602-400-7707
>>> SMelheim85 at gmail.com
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
More information about the PLUG-discuss
mailing list