科技回声

Is there any point in Fail2ban if you're using keys and have disabled passwords? I guess defense in depth and all that

There are a few other posts on HN with the same title. Some things to also consider that I had not seen mentioned: PCI CIS Etc…<p>Include many more things specifically around ssh that you can do outside of fail2ban, also things that are requirements for the above….<p>These posts are good but slightly miss a lot of security practices that are “standard”. As always the best security is not allowing the system to be connected to anything. But in the event that you have to have a system with such availability, it’s always best to introduce at least CIS foundations and whatever you see fit for security. Just my .02..

This is neat. Modern take and very pragmatic.

After following this guide, all requests to my website time out, so I guess it's secure!

I'm surprised my post made it to HN :D

Is there any point in Fail2ban if you're using keys and have disabled passwords? I guess defense in depth and all that

This is neat. Modern take and very pragmatic.

After following this guide, all requests to my website time out, so I guess it's secure!

I'm surprised my post made it to HN :D

Securing a Linux Server

5 条评论

Securing a Linux Server

5 条评论