6
Fail2ban Sucks (j3s.sh)
submitted 9 months ago by haxor@derp.foo to c/hackernews@derp.foo
3 comments fedilink hide all child comments

There is a discussion on Hacker News, but feel free to comment here as well.

top 3 comments
sorted by: hot top controversial new old
[-] thisisawayoflife@lemmy.world 3 points 9 months ago

This person is not wrong. Still, I have f2b setup for ssh on all my externally available hosts, banning after the first login failure. When using pre shared keys in the server (with sshd configured, not using defaults) and an ssh config on the client that defines each host and key combo, it's impossible to fail login, ever. I have never been burned by using this method and it's been in place in all my hosts, starting many years ago.

I feel like a lot of sshd hardening tuts overlook client configuration. That is the piece that makes ssh very easy to work with from a user's perspective.

[-] skankhunt42@lemmy.ca 2 points 9 months ago* (last edited 9 months ago)

You will very likely waste hours of your life. you will have to google "rsync ssh non standard port" every time you want to use rsync. you will have to remember scp flags. this is also bad. probably worse.

I feel personally attacked. I use an SSH config file so its not a problem (anymore) but wow.

[-] Turbo@lemmy.ml 1 points 9 months ago

Feels like a low effort rant

this post was submitted on 01 Jan 2024
6 points (75.0% liked)

Hacker News

14 readers
2 users here now

This community serves to share top posts on Hacker News with the wider fediverse.

Rules0. Keep it legal

  1. Keep it civil and SFW
  2. Keep it safe for members of marginalised groups

founded 1 year ago
MODERATORS
haxor@derp.foo