some_guy@lemmy.sdf.org to Technology@lemmy.world · 12 days agoI use Zip Bombs to Protect my Serveridiallo.comexternal-linkmessage-square104linkfedilinkarrow-up1578arrow-down115file-text
arrow-up1563arrow-down1external-linkI use Zip Bombs to Protect my Serveridiallo.comsome_guy@lemmy.sdf.org to Technology@lemmy.world · 12 days agomessage-square104linkfedilinkfile-text
minus-squareairgapped@piefed.sociallinkfedilinkEnglisharrow-up13·10 days agoSetting a random SSH port and limiting it to 3/min saw failed login attempts fall by 99% and jailed IPs fall to 0.
minus-squareWFloyd@lemmy.worldlinkfedilinkEnglisharrow-up4·10 days agoI’ve found great success using a hardened ssh config with a limited set of supported Cyphers/MACs/KexAlgorithms. Nothing ever gets far enough to even trigger fail2ban. Then of course it’s key only login from there.
Setting a random SSH port and limiting it to 3/min saw failed login attempts fall by 99% and jailed IPs fall to 0.
I’ve found great success using a hardened ssh config with a limited set of supported
Cyphers/MACs/KexAlgorithms. Nothing ever gets far enough to even triggerfail2ban. Then of course it’s key only login from there.