Hacker News new | ask | show | jobs
by simon_vetter 4017 days ago
I would recommend sshguard [1] as a fail2ban replacement. It does much of what fail2ban used to do out of the box and has supported ipv6 for a long, long time.

It is packaged in debian, ubuntu and probably other major distros these days.

[1] http://www.sshguard.net/
2 comments
simoncion 4017 days ago
shrug I would recommend deactivating password logins and using only key-based logins.

In the many, many, many months I've had my internet-facing IPv6-enabled SSH servers online, I've only received one bogus SSH connection attempt from an IPv6 address at the University of Michigan.

link
ams6110 4016 days ago
That will change though. I receive hundreds of IPv4 connection attempts every day, as more systems move to IPv6 so will the attacks.

Interesting though is that covering the entire IPv6 space is a much larger task. That should hold down the volume of random attempts for a while, just by dilution effect.

link
ars 4016 days ago
> I would recommend deactivating password logins and using only key-based logins.

I do that when I can, but sometimes it's not possible.

Also, fail2ban works for other things besides ssh, which I need.

link
ars 4016 days ago
Thanks for the tip! sshguard seems better than fail2ban.
link