• thisisawayoflife@lemmy.world
    11 months ago

    This person is not wrong. Still, I have f2b set up for ssh on all my externally available hosts, banning after the first login failure. When using pre-shared keys in the server (with sshd configured, not using defaults) and an ssh config on the client that defines each host and key combo, it’s impossible to fail login, ever. I have never been burned by using this method and it’s been in place in all my hosts, starting many years ago.

    I feel like a lot of sshd hardening tuts overlook client configuration. That is the piece that makes ssh very easy to work with from a user’s perspective.

  • skankhunt42@lemmy.ca
    11 months ago

    You will very likely waste hours of your life. You will have to google “rsync ssh non standard port” every time you want to use rsync. You will have to remember scp flags. This is also bad. Probably worse.

    I feel personally attacked. I use an SSH config file so it's not a problem (anymore) but wow.
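
A client-side `~/.ssh/config` of the kind both comments describe, added here as an illustration and not taken from either commenter. The host aliases, addresses, port 2222, user names and key paths are constructed placeholders.

```sshconfig
# ~/.ssh/config (constructed example; every name, port and path is a placeholder)

# One block per host: alias -> real address, port, user and the one key to use.
Host web1
    HostName web1.example.com
    Port 2222
    User deploy
    IdentityFile ~/.ssh/id_ed25519_web1
    # Offer only the key named above, not every key the agent holds.
    # Each key the server rejects counts toward its MaxAuthTries.
    IdentitiesOnly yes

Host backup
    HostName 192.0.2.10
    Port 2222
    User backup
    IdentityFile ~/.ssh/id_ed25519_backup
    IdentitiesOnly yes

# Defaults for every host, including ones not listed above:
# key authentication only, so the client never falls back to a password prompt.
Host *
    IdentitiesOnly yes
    PreferredAuthentications publickey

# scp and rsync run ssh underneath and read this file, so the alias
# carries the port, user and key with no extra flags:
#   ssh web1
#   scp ./report.txt web1:/tmp/
#   rsync -a ./site/ web1:/srv/site/
```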