What's so insecure about having a password-authenticated public-facing ssh...

Nathaniel Walker

What's so insecure about having a password-authenticated public-facing SSH port?


Charles Lopez

Nothing at all. Just have a complex password, or better, whitelist your IPs

Cooper Hernandez

Chinese bots will spam your server with login requests; change the default port.

Jackson Bennett

I block third world IPs and have fail2ban.

Brayden Martinez

he uses password authentication

Gabriel Turner

Just whitelist your ip you dumbfuck

Jaxon Jackson

Don't allow root. Always use a username and a password and then su. Also, for obscurity reasons, change the port to something above 20000 because most Chinese scanners never go over this. I think this is better than having a key which you have to secure anyways too or always watch out that nobody gets your USB stick or something.

Juan Walker

ISP changes your IP
can't log in anymore

Jackson Reyes

Rent out a static IP

Brandon Hall

I wanna fug Fujino

Charles Hill

This is also fucking stupid. Now you only have one IP and getting banned somewhere means you are fucked. At least with a dynamic IP it changes to get around this. My ISP even changes the first octet after a few disconnects, so banning me will be crazily annoying.

Juan Hughes

I had one and my ISP randomly changed it after I had the same for 3 years. Caused all kinds of problems with stuff I used IP whitelist for.

Alexander Lee

Generally all of china can try passwords on your server all day long.
Not that insecure, really, but why take the risk?

Leo Green

Shitty ISP
Clearly this is not for you then. You can choose a complex password and fail2ban to block any bots trying incorrect passwords. You can also blacklist based on regions.

Lincoln Rivera

I don't, it was just a recommendation for OP the fag

Josiah Russell

Nothing. Just use Fail2ban and a strong password and you should be good.
If you're gonna go out of your way to whitelist the IPs you're gonna connect from, you may as well just use ssh keys.
This, blacklist IPs from all nonwhite countries.

Liam Rivera

He thinks anyone who can reasonably break into his PC can't do a portscan.
Noice

Jeremiah Young

nah, people are just too lazy to do it

Ian Richardson

Chinese bots keep spamming root, user, admin and maintenance. The password doesn't need to be strong; just don't allow root over SSH and don't have admin1 as a user and you'll be fine even without fail2ban.

Jack Myers

This, blacklist IPs from all nonwhite countries.
Where do you even get such lists? If you google for this, you get a billion butthurt leftists being upset at you for being an evil wacist against the poor, poor Russians and Chinese.

Jose Miller

As long as fail2ban is on, nothing really
Even better if you change the port to a non-standard or commonly used alternative. I get about 700 failed attempts per month on my 5 servers
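
The failed-attempt counts and bot usernames mentioned in the posts above can be read straight out of the sshd log. This is an added example, not code from anyone in the thread: the log lines are constructed, and the `maxretry`/`findtime` parameters only imitate the idea behind fail2ban's options of the same name.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH syslog shape; the addresses are
# documentation ranges and the host name "srv" is made up.
SAMPLE_LOG = """\
Mar  3 04:10:01 srv sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 04:10:03 srv sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar  3 04:10:06 srv sshd[812]: Failed password for invalid user maintenance from 203.0.113.7 port 40120 ssh2
Mar  3 04:12:40 srv sshd[820]: Failed password for invalid user user from 198.51.100.23 port 51000 ssh2
Mar  3 04:55:12 srv sshd[901]: Failed password for alice from 192.0.2.44 port 60222 ssh2
Mar  3 04:55:20 srv sshd[901]: Accepted password for alice from 192.0.2.44 port 60222 ssh2
Mar  3 05:30:00 srv sshd[950]: Failed password for root from 198.51.100.23 port 51044 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, user, ip) per failed password; syslog omits the year."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def summarize(text, maxretry=3, findtime=timedelta(minutes=10)):
    """Count tried usernames and list IPs with >= maxretry failures inside findtime."""
    users, per_ip = Counter(), defaultdict(list)
    for ts, user, ip in parse_failures(text):
        users[user] += 1
        per_ip[ip].append(ts)
    offenders = set()
    for ip, stamps in per_ip.items():
        stamps.sort()
        # sliding window: compare each failure with the one maxretry-1 earlier
        for i in range(maxretry - 1, len(stamps)):
            if stamps[i] - stamps[i - maxretry + 1] <= findtime:
                offenders.add(ip)
                break
    return users, sorted(offenders)

if __name__ == "__main__":
    users, offenders = summarize(SAMPLE_LOG)
    print(users.most_common(), offenders)
```

A slow guesser such as the second address in the sample stays under the threshold, which is why the rate limit complements a strong credential rather than replacing it.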

Adrian Reed

The annoying part isn't 1337 haxxors. It's Chinese bot spammers looking for easy targets. They don't do a full port scan because they're scanning the entire internet.

Jaxson Martinez

People that do this are aware that anyone who can change the port knows they might also have a ratelimit, so they don't bother


Jacob Green

IDK if you've heard, but Democrats™ hate Russia now because Putin 1337 toll army is the only reason they lost the election. Anyone calling you a racist for banning foreign IPs is trolling you.

Jonathan Peterson

the only reason
No one said that but with an election this close (70K votes in 3 states) it was surely enough to flip the results, you obvious fucking russkie.

Parker Myers

if you want to see the girl in OP get fucked, watch "Hatsu Inu"

Sebastian Hernandez

it was surely enough to flip the results
I don't want to instigate any further political debate, but there's one thing that I'd like to say about the matter. So, let's say the Russians did do whatever you people claim. How is this any different than, say, some dipshit on Facebook or YouTube, or even a journalist for some major media company, doing the same thing? I mean, people believe what they want to believe, and there's always outside influences involved when people develop opinions. Who's to say Lord of the Rings isn't subtly influencing people's political views? Or the current number 1 hit song? The Russian fear mongering really comes off as the behavior you'd expect from a sore loser.

John Morris

They should have destroyed this board and kept the text one.

The efficacy of any possible attempts by the Russian government to impact the 2016 election isn't relevant. The point is that literally no one is going to seriously call you a racist for blocking foreign IPs.

Aiden Howard

change ssh to nonstandard port
fail2ban
block all of China and Russia
There you go, you're unhackable.

Wyatt Ross

only allow pkey authentication and fail2ban or you will be attacked by bots

Joshua Powell

What's so insecure about hosting a publicly facing HTTP server?

Oliver Long

You can whitelist a specific user, too. It makes the bots work harder.

James Walker

His political belief system isn't based on Harry Potter
Go home Grampa

Isaiah Allen

if you limit retries and change the default port, not much
like, you still need a good password, but that's it

Chase Allen

You know that IP is trivial to spoof right?

Ian Myers

booksdescr.org/item/index.php?md5=08FD60C1F0B43AF4B8810899D6CB0024

Aiden Jones

The purpose of that isn't to deter a determined attacker who is targeting you specifically, it's to filter out bots which constantly target well-known ports across the entire internet. I even had one trying to connect to my OpenVPN server once. Obviously that didn't work since they did not have a valid certificate for my server, but they were still fucking trying. Changed the port to some random shit in the 5 digit range and it has been utterly quiet, no connection attempts at all other than the legitimate ones coming from me.

Grayson Myers

Nothing. Just use keys. Passwords are for gay nigger faggots.

Bentley Garcia

kek

Nolan Jackson

see links in link related
github.com/trick77/ipset-blacklist/blob/master/ipset-blacklist.conf

found this in like 15 seconds of searching

Oliver Lopez

Requires more work to make it secure (choosing an adequately complex password and not reusing it from anything else.) Keys are a bit more foolproof in some ways. Nothing wrong with using passwords if you do it right though.
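
The server-side settings argued over in this thread (root login, password authentication, user whitelisting, retry limits, port) all live in `sshd_config`. The following is an added example, not code from any poster: a small auditor over a constructed configuration, assuming recent OpenSSH defaults, not following `Include` files, and using a retry threshold of 3 chosen only for illustration.

```python
# Defaults assumed here are those of recent OpenSSH releases (see sshd_config(5)).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "maxauthtries": "6"}

# Constructed sample; the lowercase duplicate is ignored because the first value wins.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
passwordauthentication no
Match User backup
    PasswordAuthentication no
"""

def effective_settings(text):
    """Return (global settings, ports); keywords are case-insensitive, first value wins."""
    seen, ports = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break  # later lines are conditional overrides, not global settings
        if key == "port":
            ports.append(value)  # Port may be given several times
        else:
            seen.setdefault(key, value)
    return {**DEFAULTS, **seen}, ports or ["22"]

def audit(text):
    """Flag the settings the thread argues about; returns a list of findings."""
    s, ports = effective_settings(text)
    findings = []
    if s["passwordauthentication"] == "yes":
        findings.append("password authentication is enabled")
        if s["permitrootlogin"] == "yes":
            findings.append("root can log in with a password")
        if "allowusers" not in s:
            findings.append("no AllowUsers list, any account name can be tried")
        if int(s["maxauthtries"]) > 3:  # threshold is this example's assumption
            findings.append("MaxAuthTries is above 3")
    if "22" in ports:
        findings.append("listening on default port 22, expect scanner noise")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including `Match` and `Include` handling that this sketch leaves out.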
