Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

SSH Security Article Idea - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

SSH Security Article Idea

2»

Comments

  • TheRedFoxTheRedFox Member

    @nunim said:
    Looks pretty nice, however you should be extremely weary of handing over root access control to a 3rd party company. What if their servers are down?

    The one-time passwords do work when the servers are offline, comparable to a RSA SecureID.

    Also, the duo auth application can't download and execute code or run commands sent by a server. (UNIX auth part is open source, so you can audit yourself)

  • MunMun Member

    For SSH security on a webserver you could.

    Install cloudflare for your sites.
    Install my ASN black list for certain bad ASNS such as the Chinese ones.
    Install fail2ban or denyhosts.
    change SSH port.

    Should give you a very very tough security.

  • MicrolinuxMicrolinux Member
    edited August 2014

    @Mark_R said:
    Well, its still a unnecessary and racist thing to do.

    It's less racist than reality. A huge amount of this traffic comes from China. A huge amount also comes from the US and plenty of other countries. If you don't have a any legitimate need for traffic from China, or whatever country, then it's "racist" to block it?

    Racist would be "I don't want those slanty-eyed bastards docking their sampans to my server", not "I want to block login attempts from a country where large amounts are originating, and I don't expect any legitimate traffic from.".

    Human nature is to make mistakes, we all do and all will. The more layers of security, the more someone has to bungle to expose security risks.

    Thanked by 1Nickk
  • alexhalexh Member

    Mark_R said: The only true problem would be that little bit of bandwidth that goes to waste. Again, setup proper and strong security mechanisms and you dont need to block an entire country.

    Come on; He's trying to help people. Asking his reasoning would've been enough. Continuing/creating an argument about political issues in a technical thread wasn't necessary.

    From what I understand, from a technical point of view, using country-based block lists can create more resource consumption. It's been a while since working on cPanel, but I specifically remember this from CSF's documentation. I'll only assume this is true given that: a GeoIP database is used to detect country, a user connects, and must have their IP cross-referenced with this large database.

    Raymii said: Plus, china is probably not most people's intended target, at least not mine, so it's fine to block them for me.

    This is a valid point; Many online businesses don't have a large presence in China. Some web hosts even block people in specific countries from signing up with them as a result of a history of abuse from these countries. These actions are the result of continuing trends, and not simply assumption on the companies parts.

Sign In or Register to comment.