Re: fail2ban VS. denyhost

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MEd at <-
Mjill at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: techlists@phpcoderusa.com
Date:  
To: Main PLUG discussion list
Subject: Re: fail2ban VS. denyhost


If you always connect via the same remote IP you can block all IP's
except that one using IPTables, and you can take it right down to the
port.




On 2014-10-15 13:02, Ed wrote:
> Stephen,
>
> The typical security/access measure is to move the SSH port to a
> random high port number, not the standard 22. Your ISP or the ISP your
> laptop is connected to may block standard ports, but not likely a high
> port number or port 443*. The obscurity of non-standard ports will
> force a scanner to trip your fail2ban/denyhosts service, but isn't
> really a security feature itself anymore. So, port knocking is also a
> good thing to do.
>
> Also, don't use passwords - only certificates - and keep an eye out
> for adding 2 factor authentication to your new server as that is on
> the horizon for most everyone.
>
> *http://ubuntu-tutorials.com/2013/11/27/tunnel-ssh-over-ssl/
>
> On Wed, Oct 15, 2014 at 10:13 AM, Mike Ballon <>
> wrote:
>> I hear ya knocking...
>>
>> https://www.digitalocean.com/community/tutorials/how-to-use-port-knocking-to-hide-your-ssh-daemon-from-attackers-on-ubuntu
>>
>>
>> On Wed, Oct 15, 2014 at 1:10 PM, Stephen M <>
>> wrote:
>>>
>>> I am trying to learn about ssh and remoting into a computer from out
>>> of my
>>> house. I have all the ability to do this but I want to make sure my
>>> desktop
>>> is secured. I will basically be either using resources on my desktop
>>> or
>>> backing up files to my laptop.
>>>
>>> From what I have read. denyhosts and fail2ban are the same, the only
>>> difference is fail2ban requires more maintenance and has more
>>> options. If I
>>> am just trying to turn my desktop into a file server whats the best
>>> option
>>> here?
>>>
>>> --
>>> Stephen Melheim
>>> 602-400-7707
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list -
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: fail2ban VS. denyhostinternet problem->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)