By asterixzzz
If I have fail2ban installed, is there any point in moving SSH to a port other than 22 or using an SSH key pair instead of a password? I mean, how big is the probability that anyone would get past the fail2ban protection + UFW anyway if I have also disabled the root user and have a strong 20+ character password?
**“… how big is the probability…”**

Big enough to convince most authors of security best practices that the default SSH port should be changed to a non-standard port. Despite having fail2ban installed, you cannot afford to ignore the fact that bugs are an inherent part of software development. What if down the road there’s a bug that disables fail2ban’s protections?

RE: passwords

The consensus seems to be that key-based authentication is more secure.
OK, thanks. I just have to find out how to use a password-protected key with the Sublime Text SFTP plugin then… :-) What about port knocking techniques? Like:

```
${IPTABLES} -A INPUT -p tcp --dport 3456 -m recent --set --name portknock
${IPTABLES} -A INPUT -p tcp --syn --dport 22 -m recent --rcheck \
    --seconds 60 --name portknock -j ACCEPT
# DROP, not DENY: DENY was an ipchains target and iptables rejects it
${IPTABLES} -A INPUT -p tcp --syn --dport 22 -j DROP
```
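As an added example (not part of the thread or of any poster's code): a small shell audit of the three sshd settings this discussion turns on, the listening port, password authentication and root login. The function names, the sample config and the built-in defaults (upstream OpenSSH's) are assumptions; Include files and Match blocks are not evaluated, so `sshd -T` on the host remains the authoritative view.

```shell
#!/usr/bin/env bash
# Added example: function names and the sample config are constructed.

# Print the effective global value of keyword $2 in sshd_config $1, or the
# default $3. sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "Match" opens conditional blocks (not evaluated here).
sshd_effective() {
  awk -v want="$2" -v def="$3" '
    BEGIN { want = tolower(want) }
    /^[ \t]*(#|$)/ { next }                          # comments, blank lines
    { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) } # allow "Keyword=value"
    key == "match" { exit }                          # global section ends
    key == want { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# Print one line per finding for the settings discussed in the thread.
audit_sshd() {
  local file=$1 port pw root
  port=$(sshd_effective "$file" Port 22)
  pw=$(sshd_effective "$file" PasswordAuthentication yes)
  root=$(sshd_effective "$file" PermitRootLogin prohibit-password)
  if [ "$pw" != "no" ]; then
    echo "WEAK: PasswordAuthentication=$pw (password guessing remains possible)"
  fi
  if [ "$root" = "yes" ]; then
    echo "WEAK: PermitRootLogin=yes (root can log in with a password)"
  fi
  if [ "$port" = "22" ]; then
    echo "NOTE: Port=22 (expect constant scanner noise in the auth log)"
  fi
  return 0
}

# Constructed sample resembling the asker's setup: root disabled, passwords on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
# The next line is ignored by sshd: the first value above already won.
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
EOF
audit_sshd "$sample"
rm -f "$sample"
```

On the sample it reports password authentication as still enabled, because the later `PasswordAuthentication no` never takes effect.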