I wouldn't bother with fail2ban considering password based SSH logins are disabl... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

magnetikonline on March 4, 2013 | parent | context | favorite | on: How I spend my first 5 minutes on a server

I wouldn't bother with fail2ban considering password based SSH logins are disabled (which is good).

Since the author is using ufw to control iptables, better to just use "ufw limit" rules for SSH port 22 to slow down the rate of any automated SSH bots trying to give your server a workout.

danieldk on March 4, 2013 [–]

Indeed. I have always been a bit worried about such approaches, since they parse log files and attackers have some control over what is written to log files (user names and host names).

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact