Re: [tor-relays] List of Relays' Available SSH Auth Methods

On 2014-11-18 18:46, Jeroen Massar wrote:

Hence lets make a little list for clarity in order of "should at least do":

• Use SSH Authentication
• Disable Password Authentication
• Use Fail2ban
• Restrict on IP address (no need for fail2ban then)

Additionally - with ssh over hidden services:

HiddenServiceDir /var/lib/tor/hidden_ssh/ HiddenServicePort 22 127.0.0.1:22

there is no need to open any ssh-port. Works very well for my relay 'TorMachine'. No trouble with brute force attacks, huge logfiles and so on.