On Wed, 7 Dec 2016 15:54:46 -0500 Henning Follmann <hfollm...@itcfollmann.com> wrote:
> On Wed, Dec 07, 2016 at 11:28:53PM +0300, Reco wrote:
> > Hi.
> >
> > On Wed, 7 Dec 2016 21:14:51 +0200
> > Antti Talsta <atal...@nothingtosee.org> wrote:
> >
> > > On Wed, Dec 07, 2016 at 01:49:34PM -0500, Greg Wooledge wrote:
> > >
> > > > Changing the port at least decreases the number of brute force attacks
> > > > against you, which saves resources (bandwidth, CPU) that are otherwise
> > > > wasted by the attackers.
> > >
> > > How about fail2ban for that?
> >
> > How fail2ban can help against an army of bots trying one single
> > password per bot?
> >
> That actually works well. Usually it's multiple attempts from one ip.
> fail2ban catches exactly that. And then blacklists that ip.

Probably it is so. It's been awhile since I ran publicly accessible sshd
on port 22 with password authentication enabled.

Personally I prefer a bunch of simple iptables rules to fail2ban
though. After all, why bother running a userspace tool, if you can
force the kernel itself to do the job?

Reco
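
An added illustration of the point debated in this thread, not code from any of the posters and a simplified model rather than fail2ban's own implementation: a per-IP failure threshold applied to constructed sshd log lines, showing which sources it bans and which stay under it. The parameter names `maxretry` and `findtime` mirror fail2ban's option names; the function names, host name and addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range IPs), not real data.
SAMPLE_LOG = """\
Dec  7 20:00:01 host sshd[901]: Failed password for root from 203.0.113.5 port 40001 ssh2
Dec  7 20:00:03 host sshd[902]: Failed password for root from 203.0.113.5 port 40002 ssh2
Dec  7 20:00:04 host sshd[903]: Failed password for invalid user admin from 198.51.100.11 port 51000 ssh2
Dec  7 20:00:06 host sshd[904]: Failed password for root from 203.0.113.5 port 40003 ssh2
Dec  7 20:00:07 host sshd[905]: Failed password for invalid user admin from 198.51.100.12 port 51001 ssh2
Dec  7 20:00:09 host sshd[906]: Failed password for invalid user test from 198.51.100.13 port 51002 ssh2
Dec  7 20:00:10 host sshd[907]: Accepted publickey for reco from 192.0.2.20 port 52000 ssh2
Dec  7 20:00:12 host sshd[908]: Failed password for root from 203.0.113.5 port 40004 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def parse_failures(log, year=2016):
    """Yield (timestamp, source IP) for every failed-password line."""
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def evaluate(log, maxretry=3, findtime=timedelta(minutes=10)):
    """Per-IP threshold: return (banned IPs, IPs that failed but stayed under it)."""
    recent = defaultdict(deque)        # ip -> failure timestamps inside findtime
    banned = set()
    for ts, ip in parse_failures(log):
        if ip in banned:
            continue                   # already blocked, never reaches sshd again
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > findtime:    # drop failures older than the window
            q.popleft()
        if len(q) >= maxretry:
            banned.add(ip)
    missed = sorted(ip for ip in recent if ip not in banned)
    return banned, missed

if __name__ == "__main__":
    banned, missed = evaluate(SAMPLE_LOG)
    print("banned:", sorted(banned))
    print("under threshold:", missed)
```
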