18 Nov
2014
18 Nov
'14
8:55 p.m.
On 2014-11-18 18:46, Jeroen Massar wrote:
Hence lets make a little list for clarity in order of "should at least do":
- Use SSH Authentication - Disable Password Authentication - Use Fail2ban - Restrict on IP address (no need for fail2ban then)
Additionally - with ssh over hidden services: HiddenServiceDir /var/lib/tor/hidden_ssh/ HiddenServicePort 22 127.0.0.1:22 there is no need to open any ssh-port. Works very well for my relay 'TorMachine'. No trouble with brute force attacks, huge logfiles and so on.