I travel quite a lot and do not always have access to all my keys. Although
I do not often have to access the Xen shell, it would be very difficult if
both were key only. It makes absolute sense to make port 22 key only, but
if 922 were password as well it would be helpful. I use nonstandard ports
for access to SSH on my VPS and as soon as I changed it I noticed a big
change in my fail2ban logs.
One other thing I have done is to set up ipset, No one should ever attempt
to connect to port 22 on my machines so I have iptables add any that do to
an ipset which is then blocked from any port. But that may not be possible
for the Bitfolk set up
On 2 March 2018 at 19:48, Gavin Westwood <
bitfolk-lists-2015@???> wrote:
> On 02/03/2018 11:11, Andy Smith wrote:
> > Hi,
> >
> > The level of SSH scanning is getting ridiculous.
> >
> > Here's some stats on the number of Fail2Ban bans across all Xen
> > Shell hosts in the last 7 days:
> <snip>
>
> Something that you, Andy, and others with a large number of internet
> facing servers might be interested in is this article that I just found
> about sharing the fail2ban information with your other servers:
>
> https://www.blackhillsinfosec.com/configure-distributed-fail2ban/
>
> I hope that's helpful.
>
> Thanks
>
> Gavin
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
--
Keith Williams
คืนใดมืดที่สุด จะเห็นดาวชัดที่สุด
Wondrous Thai
http://www.wondrousthai.com
FCLT magazine
http://issuu.com/fcltmagazine/docs/fclt_september_2014_issue_1
Farang Can Learn Thai
www.farangcanlearnthai.com
Keith's Place
www.keiths-place.co.uk
Tailor Made English
www.tmenglish.org
