| Victor on 26 Jul 2017 07:29:48 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] SSH Hardening : Request for Best Practices |
I'm very confident with key based authentication & a solid pass phrase applied to the key as Robert suggests. The pass phrase can be hashed many times (e.g. bcrypt) which would take way too much time & processing power should someone who obtained yourssh key then attempt to crack the pass phrase. The aforementioned key generation & a lot of great info about cipher selection to make your connection & key exchange even more secure can be in a guide I typically follow here: https://sysadministrivia.com/news/hardening-ssh-security Consider adding fail2ban for additional protection. Does anyone use port knocking? That was a thing for a while. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug