fail2ban VS. denyhost

Ed plug at 0x1b.com
Wed Oct 15 11:02:28 MST 2014


Stephen,

The typical security/access measure is to move the SSH port to a
random high port number, not the standard 22. Your ISP or the ISP your
laptop is connected to may block standard ports, but not likely a high
port number or port 443*. The obscurity of non-standard ports will
force a scanner to trip your fail2ban/denyhosts service, but isn't
really a security feature itself anymore. So, port knocking is also a
good thing to do.

Also, don't use passwords - only certificates - and keep an eye out
for adding 2 factor authentication to your new server as that is on
the horizon for most everyone.

*http://ubuntu-tutorials.com/2013/11/27/tunnel-ssh-over-ssl/

On Wed, Oct 15, 2014 at 10:13 AM, Mike Ballon <mike.ballon at gmail.com> wrote:
> I hear ya knocking...
>
> https://www.digitalocean.com/community/tutorials/how-to-use-port-knocking-to-hide-your-ssh-daemon-from-attackers-on-ubuntu
>
>
> On Wed, Oct 15, 2014 at 1:10 PM, Stephen M <smelheim85 at gmail.com> wrote:
>>
>> I am trying to learn about ssh and remoting into a computer from out of my
>> house.  I have all the ability to do this but I want to make sure my desktop
>> is secured.  I will basically be either using resources on my desktop or
>> backing up files to my laptop.
>>
>> From what I have read.  denyhosts and fail2ban are the same, the only
>> difference is fail2ban requires more maintenance and has more options.  If I
>> am just trying to turn my desktop into a file server whats the best option
>> here?
>>
>> --
>> Stephen Melheim
>> 602-400-7707
>> SMelheim85 at gmail.com
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss


More information about the PLUG-discuss mailing list