I use IPTable to protect ssh. Should I be using hosts.allow instead? How does host.allow differ from using IPTables to deny all IP's to a specific port except for the IP's you want to give access? Keith On 2014-10-15 15:52, jill wrote: > I would point out that fail2ban is a script that scours auth.log (as > root) for failed authentications, parses out the source host field, > then runs iptables (as root) to add rules for that host. Especially > in light of things like shell shock, think what an attacker could do > with a crafted packet that caused that log line to include malicious > commands in the host field. You're better off properly hardening sshd > itself. > > White list in hosts.allow client ips/domains you will be connecting > from and block all others if at all possible. > Set your sshd_config to: > Never ever allow root login. Ever. > Whitelist explicitly what users/groups can connect on ssh. > Disable password-based auth and use keys, protect the heck out of your > private key. > > -Jill > > > On 2014-10-15 17:10, Stephen M wrote: >> I am trying to learn about ssh and remoting into a computer from out >> of my >> house. I have all the ability to do this but I want to make sure my >> desktop is secured. I will basically be either using resources on my >> desktop or backing up files to my laptop. >> >> From what I have read. denyhosts and fail2ban are the same, the only >> difference is fail2ban requires more maintenance and has more options. >> If >> I am just trying to turn my desktop into a file server whats the best >> option here? >> >> -- >> Stephen Melheim >> 602-400-7707 >> SMelheim85@gmail.com >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss