6
Fail2ban Sucks (j3s.sh)
submitted 9 months ago by haxor@derp.foo to c/hackernews@derp.foo
3 comments fedilink hide all child comments

There is a discussion on Hacker News, but feel free to comment here as well.

you are viewing a single comment's thread
view the rest of the comments
[-] thisisawayoflife@lemmy.world 3 points 9 months ago

This person is not wrong. Still, I have f2b setup for ssh on all my externally available hosts, banning after the first login failure. When using pre shared keys in the server (with sshd configured, not using defaults) and an ssh config on the client that defines each host and key combo, it's impossible to fail login, ever. I have never been burned by using this method and it's been in place in all my hosts, starting many years ago.

I feel like a lot of sshd hardening tuts overlook client configuration. That is the piece that makes ssh very easy to work with from a user's perspective.

this post was submitted on 01 Jan 2024
6 points (75.0% liked)

Hacker News

14 readers
2 users here now

This community serves to share top posts on Hacker News with the wider fediverse.

Rules0. Keep it legal

  1. Keep it civil and SFW
  2. Keep it safe for members of marginalised groups

founded 1 year ago
MODERATORS
haxor@derp.foo