-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Here's an interesting and relevant talk on SSH security:
http://www.bsdcan.org/2013/schedule/events/403.en.html
On 11/18/2014 12:38 PM, Kevin de Bie wrote:
Fail2Ban works really well. Shifting to a non standard port only stops the scriptkids from having too much automated options and does not do anything for actual security. For this reason I personally never bothered with that. Non standard username and password auth with fail2ban makes brute forcing practically impossible, this is usually how I have things configured.
Op 17:46 di 18 nov. 2014 schreef Zack Weinberg <zackw@cmu.edu mailto:zackw@cmu.edu>:
On Tue, Nov 18, 2014 at 11:15 AM, Toralf Förster <toralf.foerster@gmx.de mailto:toralf.foerster@gmx.de> wrote:
On 11/18/2014 04:28 PM, Jeroen Massar wrote:
People should realize though that it is not 'safer' in any way
running
SSH on another port.
But it is (slightly) more expensive - which counts, or ?
In my limited experience, moving SSH to another port made no apparent difference to the number of random attempts to break in. I'd recommend fail2ban or equivalent instead.
zw _________________________________________________ tor-relays mailing list tor-relays@lists.torproject.__org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/__cgi-bin/mailman/listinfo/tor-__relays
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays