New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
This is so unnecessary.
We are in 2019. Your server is powerful enough to handle a few thousands of brute force logins.
Yes, yes it is. However, do you really want them to have unlimited attempts at guessing correct credentials? No. I've always used fail2ban to ban logins after 5 fails for 24 hours.
If you want that a stranger, touches your nuts, multiple times while you go over the street, okay then.
I prefer, firewalls, thats that millennials thing, it works.
Besides, who knows, maybe there are security holes in SSH2, which are big enough, to fuck everyone without firewalls.
So I do suggest, firewalling, instead of going the yolo way.
LET comment of the week.
Anyway, port knocking sounds like a great concept. Going to try it.
-hosts.allow
-only permit SSH key to login
Both are more efficient than firewalling the whole world off.
So I do suggest, firewalling, instead of going the yolo way.
Within the scope of this thread, it's not really unlimited when you have fail2ban or CSF installed.
Whitelisting is good when the server is not public or used by multiple users.