On Wed, 7 Dec 2016 15:54:46 -0500
Henning Follmann <hfollmann@itcfollmann.com> wrote:
On Wed, Dec 07, 2016 at 11:28:53PM +0300, Reco wrote:
> Hi.
>
> On Wed, 7 Dec 2016 21:14:51 +0200
> Antti Talsta <atalsta@nothingtosee.org> wrote:
>
> > On Wed, Dec 07, 2016 at 01:49:34PM -0500, Greg Wooledge wrote:
> >
> > > Changing the port at least decreases the number of brute force attacks
> > > against you, which saves resources (bandwidth, CPU) that are otherwise
> > > wasted by the attackers.
> >
> > How about fail2ban for that?
>
> How fail2ban can help against an army of bots trying one single
> password per bot?
>
That actually works well. Usually it's multiple attempts from one ip.
fail2ban catches exactly that. And then blacklists that ip.
Probably it is so. It's been awhile since I ran publicly accessible
sshd on port 22 with password authentication enabled.
Personally I prefer a bunch of simple iptables rules to fail2ban
though. After all, why bother running a userspace tool, if you can
force the kernel itself to do the job?