what's so insecure about having a password authenticationed public facing ssh port
What's so insecure about having a password authenticationed public facing ssh...
Other urls found in this thread:
Nothing at all. Just have a complex password, or better, whitelist your IPs
chinese bots will spam your server with login requests, change the default port
i block third world IPs and have fail2ban
he uses password authentication
Just whitelist your ip you dumbfuck
Don't allow root. Always use a username and a password and then su. Also because of obscurity reasons change the port to something above 20000 because most chinese scanner never go over this. I think this is better than having a key which you have to secure anyways too or always watch out that nobody gets your usb stick or something.
ISP changes your IP
cant log in anymore
Rent out a static IP
I wanna fug Fujino
This is also fucking stupid. Now you only have one IP and getting banned somewhere means you are fucked. At least with a dynamic IP it changes to get around this. My ISP even changes the first octett after a few disconnects, so banning me will be crazily annoying.
I had one and my ISP randomly changed it after I had the same for 3 years. Caused all kinds of problems with stuff I used IP whitelist for.
Generally all of china can try passwords on your server all day long.
Not that insecure, really, but why take the risk?
Clearly this is not for you then. You can choose Complex password and fail2ban to block any bots trying incorrect passwords. You can also blacklist based on regions
I dont, it was just a recommendation for OP the fag
Nothing Just use Fail2ban and a strong password and you should be good.
If you're gonna go out of your way to whitelist the IPs you're gonna connect from, you may as well just use ssh keys.
This, blacklist IPs from all nonwhite countries.
He thinks anyone who can reasonably break into his PC can't do a portscan.
nah, people are just to lazy to do it
Chinese bots keep spamming root, user, admin and maintenance. The password doesn't need to be strong just don't allow root over SSH and don't have admin1 as a user and you'll be fine even without fail2ban
This, blacklist IPs from all nonwhite countries.
Where do you even get such lists? If you google for this, you get a billion butthurt leftists being upset at you for being an evil wacist against the poor, poor russians and chinese.
As long as fail2ban is on, nothing really
Even better if you change the port to a non-standard or commonly used alternative. I get about 700 failed attempts per month on my 5 servers
The annoying part isnt 1337 haxxors. Its chinese bot spammers looking for easy targets. They dont do a full port scan because they're scanning the entire internet.
People that do this are aware that anyone who can change the port know they might also have a ratelimit, so they don't bother
IDK if you've heard, but Democrats™ hate Russia now because Putin 1337 toll army is the only reason they lost the election. Anyone calling you a racist for banning foreign IP's is trolling you.
the only reason
No one said that but with an election this close (70K votes in 3 states) it was surely enough to flip the results, you obvious fucking russkie.
if you want to see the girl in OP get fucked, watch "Hatsu Inu"
it was surely enough to flip the results
I don't want to instigate any further political debate, but there's one thing that I'd like to say about the matter. So, let's say the Russians did do whatever you people claim. How is this any different than say, some dipshit on Facebook or Youtube, or even a journalist for some major media company, doing the same thing. I mean, people believe what they want to believe, and there's always outside influences involved when people develop opinions. Who's to say Lord of the Rings isn't subtly influencing peoples political views? Or the current number 1 hit song? The Russian fear mongering really comes off as the behavior you'd expect from a sore loser.
They should have destroyed this board and kept the text one.
The efficacy of any possible attempts by the Russian government to impact the 2016 election aren't relevant. The point is that literally no one is going to seriously call you a racist for blocking foreign IPs.
change ssh to nonstandard port
block all of China and Russia
There you go, you're unhackable.
only allow pkey authentication and fail2ban or you will be attacked by bots
What's so insecure about hosting a publicly facing HTTP server?
You can whitelist a specific user, too. It makes the bots work harder.
His political believe system isn't based on Harry potter
Go home Grampa
if you limit retries and change the default port, not much
like, you still need a good password, but that's it
You know that IP is trivial to spoof right?
The purpose of that isn't to deter a determined attacker who is targeting you specifically, it's to filter out bots which constantly target well-known ports across the entire internet. I even had one trying to conenct to my OpenVPN server once. Obviously that didn't work since they did not have a valid certificate for my server, but they were still fucking trying. Changed the port to some random shit in the 5 digit range and it has been utterly quiet, no connection attempts at all other than the legitimate ones coming from me.
Nothing. Just use keys. Passwords are for gay nigger faggots.
see links in link related
found this in like 15 seconds of searching
Requires more work to make it secure (choosing an adequately complex password and not reusing it from anything else.) Keys are a bit more foolproof in some ways. Nothing wrong with using passwords if you do it right though.