Question

SSH Key pairs/password Fail2Ban. What is a relevant security level?

Posted October 11, 2013 4.3k views
If I have fail2ban installed is there any point to move ssh on another port than 22 or use SSH key pair instead of password? I mean, how big is the probability that anyone would pass the fail2ban protection + UFW anyway if I also have disabled the root user and have a 20+ char strong password?
Add a comment
asterixzzz
By:
asterixzzz

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
pablo October 11, 2013
"... how big is the probability...."

Big enough to convince most authors of security best practices that the default SSH port should be changed to a non-standard port. Despite having fail2ban installed, you can not afford to ignore the fact that bugs are an inherent part of software development. What if down the road there's a bug that disables fail2ban's protections?

RE: passwords

The consensus seems to be that key-based authentication is more secure.
Reply Report
asterixzzz October 13, 2013
OK, thanks. I just have to find out how to use password protected key with Sublime text SFTP plugin then... :-) What about port knocking techniques? Like:

${IPTABLES} -A INPUT -p tcp --dport 3456 -m recent --set --name portknock
${IPTABLES} -A INPUT -p tcp --syn --dport 22 -m recent --rcheck \
--seconds 60 --name portknock -j ACCEPT
${IPTABLES} -A INPUT -p tcp --syn --dport 22 -j DENY
Reply Report

Looking for something else?

Ask a new question Search for more help