On 17/01/2019 19.31, Lew Wolfgang wrote:
On 1/17/19 5:49 AM, Per Jessen wrote:
Peter Suetterlin wrote:
Patrick Shanahan wrote:
if you are not running a server, don't install fail2ban.
Any reasoning for this? I definitely disagree. Anything that has an open ssh port should run it IMHO. And that's more than just servers....
Alternatively - use keys for ssh, and that problem is gone. Or if that's too cumbersome, move ssh to a higher port. Works wonders.
Security through obscurity? What could possibly go wrong?
Actually, it works fantastically. And arguably, it is not "obscurity".

Consider your door key: it has a number of notches, perhaps eight, in different height values, perhaps twenty (guessing, I'm not a locksmith). You can do the math and find out the number of combinations: it is finite and not astronomical. You can sequentially try every combination of "mechanical key values" and finally you open the door without "breaking" it. I.e., find the correct key.

This is the same: the attacker has to poll every port in order to find the correct one. Sixty-something thousand combinations. It is just a key with not a huge number of combinations: and it works, only people that really want your machine try to enter. The scripts usually abandon and try another host.

--
Cheers / Saludos,
Carlos E. R.
(from 15.0 x86_64 at Telcontar)