It's crazy to watch the auth.log on a system with an Internet-exposed port 22. Seriously.
@mike We have a honeypot system that does that, then publishes the results.
I'm sure it's terrifying. I'd either use Tailscale or port knocking. :E
I've heard that, although I don't fully understand the reasoning.
@mike It's insane to me that fail2ban isn't preinstalled/configured with defaults for, at the very least, cloud images of popular OSes.
@mike ha, yep. Fail2ban is basically a mandatory install if port 22 is open!
@mike I just disable password auth. Nobody is going to guess my private key.
@vitSkalicky @mike yes, disabling password auth and enabling fail2ban are the two essential configurations I do on every system that needs public ssh.
We once took over a legacy server from another company, with some software we planned to migrate. As the server was supposed to be put out of service, nobody paid much attention to the config. Turned out it had password auth enabled and likely a weak password. Took only a couple of days and the system was breached and backdoored :/
@outsidecontext @mike But does fail2ban achieve anything useful if password auth is disabled?
@vitSkalicky @mike less so, but I think it still helps to discourage attackers from probing the server. And certain security issues often still require attackers to try many requests.
@vitSkalicky Same idea here.
@mike why would u even do that? wasted disk space ;)