Today's thread is mostly useful if you're using SSH...

KGIII

Super Moderator
Staff member
Gold Supporter
Joined
Jul 23, 2020
Messages
12,656
Reaction score
11,607
Credits
104,294
For those that don't know, there's an attack method known as brute-force. If you have anything on the public internet. some bot is going to at least probe it eventually. If they detect a running SSH instance, they may then try various attacks - such as brute-forcing the credentials. While this isn't the quickest way into a system, it'll eventually work (given enough time and effort).

Well, you can put a stop to that (more or less). The tool you're looking for is fail2ban. I've wanted to cover this for quite a while, but there's a whole lot to it, specifically with the configuration file. I don't delve into that. I figure folks can read well enough and the configuration file is pretty clear about what the options do. I do explain how to make your configuration file the right way. I do not explain how to enable sendmail because the article is already very long and that's a fine article for another day.


This is another long article. You have been warned!

So, even if you're just using SSH at your house - check to make sure your router isn't forwarding to SSH. If it is, or if you're worried about unknown computers on your home network, do the right things to secure it. That includes things like changing the default port and installing fail2ban. You don't even have to do much after you install fail2ban. The defaults are perfectly adequate for many users. You can be just fine with the defaults and never once tweaking the configuration.

You can tweak it. There are so many features! But, you don't have to. Just the default is pretty solid.
 

Members online


Top