Hacker News new | ask | show | jobs
by lqet 2103 days ago
Dito, a combination of forbidden root login, an obscure username, fail2ban and disabled password authentication worked well for me for the last 10 years. It's also quite simple to set up. The important part is to double and triple-check each step so that you don't lock yourself out (which has happened to me multiple times in the past, of course).
1 comments
sneak 2103 days ago
You don't need fail2ban if you've disabled password authentication. fail2ban exists to prevent password bruteforcing attempts.
link
lqet 2103 days ago
True, but I still prefer to completely block IPs who tried to log in via SSH and failed multiple times.
link
TheAdamAndChe 2103 days ago
Sure, but enforcing best practices at all times can be tedious and unnecessary sometimes.
link