Thanks for all your suggestions...

I will look into fail2ban... that might be what I need... While I could crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this (AFAIK) will not persist blocks when the server is powered down or rebooted.

I need to retain port 22 and can't easily do port-knocking - since some of the clients I require to connect to my server are in restrictive environments. I've another idea too... I'm happy to entirely cut off all services from any IP that attempts to brute-force SSH passwords... as it is an unequivocal act of aggression that would not arise with any legitimate clients... Another aside is that in some restrictive environments it is hard to securely obtain my private key without first obtaining a secure off-site connection. For this reason, I prefer to have the facility to log in using username/password - my compromise is to make my password extremely complex... plus using a non-obvious user-id, which again hampers attackers.

While interesting, I don't think the connection rate limiter is for me... I may want to legitimately make rapid connections at some time or other. :-)

--
gentoo-user@l.g.o mailing list
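The two points in the post above (blocks that survive a reboot, and dropping all traffic from an IP that brute-forces SSH rather than just port 22) can be demonstrated with a small log-watching script. This is an added example, not code from the poster, fail2ban or blacklist.py. It assumes the standard sshd syslog line "Failed password for ... from <ip> port <n> ssh2", a threshold of 5 failures, a plain-text block list with one IP per line, and iptables as the firewall; the log lines and addresses below are constructed for the example.

```python
"""
Count failed SSH password attempts per source IP from sshd log lines,
merge the offenders into a block list file that survives a reboot, and
render the iptables DROP rules a boot script would re-apply from that file.

Assumptions (not from the original post): sshd's default syslog format,
THRESHOLD failures per IP is enough to block, and iptables rules of the
form "iptables -A INPUT -s <ip> -j DROP" cut off every service, not just
port 22, which is the blocking policy the poster describes.
"""
import re
import tempfile
from collections import Counter
from pathlib import Path

# Matches sshd's "Failed password" line for both known and invalid users.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

THRESHOLD = 5  # assumed cut-off; fail2ban's default "maxretry" is similar in spirit

# Constructed sample log lines using documentation address ranges; not real traffic.
SAMPLE_LOG = [
    "Mar  1 10:00:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2",
    "Mar  1 10:00:03 host sshd[1235]: Failed password for invalid user test from 203.0.113.7 port 40002 ssh2",
    "Mar  1 10:00:05 host sshd[1236]: Failed password for root from 203.0.113.7 port 40003 ssh2",
    "Mar  1 10:00:07 host sshd[1237]: Failed password for root from 203.0.113.7 port 40004 ssh2",
    "Mar  1 10:00:09 host sshd[1238]: Failed password for invalid user oracle from 203.0.113.7 port 40005 ssh2",
    "Mar  1 10:01:00 host sshd[1240]: Failed password for alice from 198.51.100.9 port 5022 ssh2",
    "Mar  1 10:01:30 host sshd[1241]: Failed password for alice from 198.51.100.9 port 5023 ssh2",
    "Mar  1 10:02:00 host sshd[1242]: Accepted publickey for alice from 198.51.100.9 port 5024 ssh2",
]


def failed_attempts(lines):
    """Return a Counter of failed password attempts keyed by source IP."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def offenders(lines, threshold=THRESHOLD):
    """IPs that reached the threshold, sorted so output is deterministic."""
    return sorted(ip for ip, n in failed_attempts(lines).items() if n >= threshold)


def merge_blocklist(existing, lines, threshold=THRESHOLD):
    """Pure merge step: previously blocked IPs plus new offenders from these lines."""
    return set(existing) | set(offenders(lines, threshold))


def load_blocklist(path):
    """Read the persistent block list (one IP per line); missing file means empty."""
    p = Path(path)
    if not p.exists():
        return set()
    return {l.strip() for l in p.read_text().splitlines() if l.strip()}


def save_blocklist(path, blocked):
    """Write the block list back so it is still there after a power-down or reboot."""
    Path(path).write_text("".join(f"{ip}\n" for ip in sorted(blocked)))


def iptables_rules(blocked):
    """Render one DROP rule per IP. Rules are returned as strings for review, not executed."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in sorted(blocked)]


if __name__ == "__main__":
    # Round-trip through a temporary file to show the persistence step.
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "ssh-blocklist.txt"
        save_blocklist(path, merge_blocklist(load_blocklist(path), SAMPLE_LOG))
        # What a boot-time script would do: reload the file and re-apply the rules.
        for rule in iptables_rules(load_blocklist(path)):
            print(rule)
```

In this sample only 203.0.113.7 crosses the threshold; 198.51.100.9 fails twice and then logs in with a key, which is the legitimate-client pattern the poster wants to leave alone. Running the same script from a boot-time init script is what makes the blocks outlast a reboot, since the rules are regenerated from the file rather than from in-memory state.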