Fred Stluka via plug on 24 Mar 2021 14:10:24 -0700



Re: [PLUG] Web Ass Pfirewall


Michael,

Yes, use SSH keys, and disallow login via mere passwords.  But
don't do this INSTEAD of running fail2ban.  Run fail2ban ALSO.

SSH keys are great for ssh logins, and for scp, sftp, rsync, and
others that use SSH as a transport layer.  And for ssh tunnels.
But not much help for your public-facing HTTP server, FTP
server (if you have to have one because you have some clients
still clinging to their old Windows PCs), SMTP server, POP/IMAP
server, etc.

You need both.  True?

--Fred
------------------------------------------------------------------------
Fred Stluka -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
------------------------------------------------------------------------

On 3/24/21 4:50 PM, Michael Lazin via plug wrote:
It can make some server load, but if you are going to use fail2ban you can automatically report attacking IP addresses using this premade code on blocklist.de:

http://www.blocklist.de/en/index.html

A friend of a friend runs this, I have used this before, it makes some server load so keep it in mind.

Really it is better to use ssh key pairs to avoid brute-force ssh attacks than using fail2ban.  Both Microsoft and Amazon force this by default with their hosting.  It is a good solution, and relatively easy to set up.  I have found GitHub has very good documentation on generating ssh key pairs.

Thanks,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.


On Wed, Mar 24, 2021 at 4:38 PM Fred Stluka via plug <plug@lists.phillylinux.org> wrote:

    Keith,

    > Iptables is still pretty good for blocking / choking traffic.  You can
    > automatically block bad actors / abusive IPs by using the various
    > limit modules.  One of my favorite rules simply blocks SSH ingress
    > based on packets per hour.  You exceed the limit, you get blocked for
    > a certain amount of time.

    Can you do that with iptables alone?  Or does it need something
    like fail2ban to change the iptables rules dynamically?


    > It works beautifully and is just one rule.

    Care to post the rule?

    Thanks!
    --Fred
    ------------------------------------------------------------------------
    Fred Stluka -- http://bristle.com -- Glad to be of service!
    Open Source: Without walls and fences, we need no Windows or Gates.
    ------------------------------------------------------------------------




___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

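Fred's question to Keith above (can iptables alone rate-limit SSH, or does it need fail2ban rewriting the rules?) can be answered with the kernel's "recent" match: it keeps a per-source-address list with timestamps and hit counts, so a pair of static rules drops the Nth new connection from one address inside a time window, with no daemon watching logs. The script below is an added example written for this page, not Keith's rule from the thread and not code from any project mentioned here. Everything in it is an assumption for illustration: SSH on port 22, the host's own INPUT chain, a list name of SSH_BRUTE, and thresholds of 4 attempts per 60 seconds. By default it only prints the rules; set APPLY=1 and run as root to install them.

```shell
#!/bin/sh
# Added example (not from the thread): rate-limit NEW SSH connections with
# iptables alone, via the "recent" match. Assumed/placeholder values: port 22,
# the host's INPUT chain, list name SSH_BRUTE, 4 attempts per 60 seconds.
set -eu

SSH_PORT="${SSH_PORT:-22}"
HITS="${HITS:-4}"        # the HITS-th new connection inside WINDOW seconds ...
WINDOW="${WINDOW:-60}"   # ... from one source address is dropped
LIST="SSH_BRUTE"         # name of the kernel's recent-match address list

# Dry run by default: print the commands. APPLY=1 (as root) installs them.
if [ "${APPLY:-0}" = 1 ]; then
    IPT="iptables"
else
    IPT="echo iptables"
fi

ssh_ratelimit_rules() {
    # Rule 1: record the source address of every new SSH connection.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --set
    # Rule 2: if that address has now made HITS attempts inside WINDOW seconds,
    # drop the packet. --update also refreshes the timestamp, so an address
    # that keeps retrying stays blocked until it goes quiet for WINDOW seconds.
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --update --seconds "$WINDOW" \
        --hitcount "$HITS" -j DROP
}

# Addresses currently tracked by the live list (only exists once applied).
show_tracked() {
    if [ -r "/proc/net/xt_recent/$LIST" ]; then
        cat "/proc/net/xt_recent/$LIST"
    else
        echo "no live $LIST list on this host (rules not applied)"
    fi
}

ssh_ratelimit_rules
```

Two caveats a practitioner would want: the list is keyed per source address, so a brute force spread across many addresses stays under the threshold, and an attacker who never opens a new connection (one session, many password attempts) is not counted at all, which is where "PasswordAuthentication no" in sshd_config does the real work. It also only covers SSH; the HTTP, SMTP and mail services Fred lists need something that reads each service's own log, which is what fail2ban adds.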