Lew Wolfgang wrote:
On 1/17/19 5:49 AM, Per Jessen wrote:
Peter Suetterlin wrote:
Patrick Shanahan wrote:
if you are not running a server, don't install fail2ban.
Any reasoning for this? I definitely disagree. Anything that has an open ssh port should run it IMHO. And that's more than just servers.... Alternatively - use keys for ssh, and that problem is gone. Or if that's too cumbersome, move ssh to a higher port. Works wonders.
Security through obscurity? What could possibly go wrong?
Hi Lew Obviously YMMV, but we had a number of systems where we didn't want to use keys (can't remember why, it's 10+ years ago), moving the port was sufficient to stop the brute force attacks. At the time, someone also suggested picking a new port every day, but we never implemented that. Today, I would insist on using keys. -- Per Jessen, Zürich (-1.9°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org