undefined | Better HN

0 pointsPhilipRoman1y ago0 comments

Changing the default port - yeah, works wonders for reducing noise. But I don't understand why people run fail2ban. Nobody is going to be brute forcing a ssh login, all it does is add another moving part very close to a security boundary for very little gain.

0 comments

tetris111y ago

Yes they do. I had a colleague who opened up his machine to another using the logon "remote" and let them set the password.

It was cracked the next day. It turns out having 12345678 is probably a bad password.

gnabgib1y ago

Have you recently run a server? It takes a week-month before your ssh port is published on shodan/binaryedge/censys/criminalIP and other dodgy scanners.. and then you can expect constant attention, and yes.. 14691 attempted logins for every username possible (even though password login is turned off) from the same IP (usually a VPN, tor exit, or "crowdsourced VPN")

KomoD1y ago

> Nobody is going to be brute forcing a ssh login

Uh what? Yes people do...

j / k navigate · click thread line to collapse