some_guy@lemmy.sdf.org to Technology@lemmy.world · 7 days agoI use Zip Bombs to Protect my Serveridiallo.comexternal-linkmessage-square104linkfedilinkarrow-up1568arrow-down116file-text
arrow-up1552arrow-down1external-linkI use Zip Bombs to Protect my Serveridiallo.comsome_guy@lemmy.sdf.org to Technology@lemmy.world · 7 days agomessage-square104linkfedilinkfile-text
minus-squareairgapped@piefed.sociallinkfedilinkEnglisharrow-up14·6 days agoSetting a random SSH port and limiting it to 3/min saw failed login attempts fall by 99% and jailed IPs fall to 0.
minus-squareWFloyd@lemmy.worldlinkfedilinkEnglisharrow-up4·5 days agoI’ve found great success using a hardened ssh config with a limited set of supported Cyphers/MACs/KexAlgorithms. Nothing ever gets far enough to even trigger fail2ban. Then of course it’s key only login from there.
Setting a random SSH port and limiting it to 3/min saw failed login attempts fall by 99% and jailed IPs fall to 0.
I’ve found great success using a hardened ssh config with a limited set of supported
Cyphers/MACs/KexAlgorithms. Nothing ever gets far enough to even triggerfail2ban. Then of course it’s key only login from there.