Public
- Public
- Network
- Groups
- Popular
- People

Conversation

Notices

framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Thursday, 23-Nov-2023 17:15:58 JST framebuffer :archlinux: :gentoo: :tuxspin:

it's a good practice to keep the botnets away from bruteforcing your server by banning them, restricting login to use with keys only, isolate things etc.

In conversation about a year ago from den.raccoon.quest permalink
- † top dog :pedomustdie: (dcc@annihilation.social)'s status on Thursday, 23-Nov-2023 17:15:56 JST † top dog :pedomustdie:
  in reply to
  - Dushman
  @dushman @fuzzylinuxuser Fail2ban is trash
  Either do port knocking, or hide it behind a vpn.
  
  In conversation about a year ago permalink
- Dushman (dushman@den.raccoon.quest)'s status on Thursday, 23-Nov-2023 17:15:57 JST Dushman
  in reply to
  
  @fuzzylinuxuser
  Yeah always use fail2ban on ssh servers open to the public internet
  
  In conversation about a year ago permalink
- † top dog :pedomustdie: (dcc@annihilation.social)'s status on Thursday, 23-Nov-2023 17:19:33 JST † top dog :pedomustdie:
  in reply to
  - Dushman
  @dushman @fuzzylinuxuser You can ban your self, port knocking is more effective anyways.
  
  In conversation about a year ago permalink
- Dushman (dushman@den.raccoon.quest)'s status on Thursday, 23-Nov-2023 17:19:34 JST Dushman
  in reply to
  - † top dog :pedomustdie:
  @dcc@annihilation.social @fuzzylinuxuser@den.raccoon.quest Fail2ban is trashit works well 🗞
  
  In conversation about a year ago permalink
- † top dog :pedomustdie: (dcc@annihilation.social)'s status on Thursday, 23-Nov-2023 17:22:50 JST † top dog :pedomustdie:
  in reply to
  - Dushman
  @fuzzylinuxuser @dushman Thats almost what port knocking is.
  
  In conversation about a year ago permalink
- framebuffer :archlinux: :gentoo: :tuxspin: (fuzzylinuxuser@den.raccoon.quest)'s status on Thursday, 23-Nov-2023 17:22:51 JST framebuffer :archlinux: :gentoo: :tuxspin:
  in reply to
  - † top dog :pedomustdie:
  - Dushman
  @dcc@annihilation.social @dushman@den.raccoon.quest Would it be beneficial to automatically close ports after logging out and then re-authenticate to the server, opening the port?
  
  In conversation about a year ago permalink
- menherahair (menherahair@eientei.org)'s status on Thursday, 23-Nov-2023 18:24:43 JST menherahair
  in reply to
  - Dushman
  @dushman @fuzzylinuxuser do this and one of these modern ciphers is gonna get pwned one day and you'll never fix the setting because you copy config lines from fediverse posts
  
  In conversation about a year ago permalink
  
  † top dog :pedomustdie: likes this.
- Dushman (dushman@den.raccoon.quest)'s status on Thursday, 23-Nov-2023 18:24:44 JST Dushman
  in reply to
  
  @fuzzylinuxuser
  Also I recommend enforcing only modern ciphers on your ssh server as well. Just slap this in sshd config. # Ciphers and keying MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256@libssh.org,curve25519-sha256,ecdh-sha2-nistp384
  
  In conversation about a year ago permalink

Public

Conversation

Notices

Feeds