1. 5
  1. 6

    Kind of a side point, but while I used to use fail2ban, these days I prefer to just set up ssh with key-only authentication. Then it doesn’t really matter whether someone makes 3 or 300 failed ssh logins a day, since they aren’t going to run any kind of successful dictionary attack.

    1. 4

      I have SSH configured for key-only authentication, but I’m still annoyed at seeing my auth.log fill up so quickly!

      1. 5

        Hah true, I’ve seen fail2ban sometimes referred to as a log sanitizer.

        1. 2

          Hehe. Another reason I like to run sshd on a non-default port - not for security through obscurity but to prevent all the noise in my logs! ;) Well, that and the fact that access to port 443 is almost never blocked by $client firewalls, unlike 22…