[Freedombox-discuss] sshd on non-standard port?
Jonas Smedegaard
jonas at jones.dk
Thu Mar 16 08:34:04 UTC 2017
Quoting Sunil Mohan Adapa (2017-03-16 06:05:25)
> On Thursday 16 March 2017 01:46 AM, Daddy wrote:
>> I have the same experience - I'm using freedombox as (internet exposed)
>> router, and I get several root login ssh attempts from various ip
>> addresses every few seconds.
>>
>> I've installed fail2ban, but as pam-abl is present, that was probably an
>> overkill.
>>
>
> Fail2ban is a good choice in this case because we wish to stop attempts
> from happening (and logs from filling up). Fail2ban actively
> discourages an adversary by blocking their packet traffic which
> libpam-abl does not. Fail2ban also has the infrastructure for making
> web based login attempts harder.
>
> There have been previous discussions about adding fail2ban to
> FreedomBox by default. I opened new issues to implement this
> fail2ban for SSH[1] and Plinth[2]. If someone is interested they can
> pick it up (slightly more than 'beginner' level difficulty).
pam-abl is more resource-efficient and arguably less brittle than
fail2ban, as it hooks into the login process itself whereas fail2ban
relies on parsing logfiles (which especially under attack can grow large).
pam-abl can be configured to block network traffic altogether - from a
quick search for "pam-abl iptables":
http://serverfault.com/questions/395379/how-to-use-pam-to-limit-failed-login-attempts-by-ip
> Links:
>
> 1) https://github.com/freedombox/Plinth/issues/759
> 2) https://github.com/freedombox/Plinth/issues/760
Can we please track Freedombox issues at our Debian bugtracker?
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private