Fail2Ban Unnecessary?

latifolia
Posts: 48
Joined: Wed 18. Aug 2021, 09:08

Fail2Ban Unnecessary?

Post by latifolia »

Hello,

Sorry if I asked something that has been asked before but I only understand English.

So, I set up a new KeyHelp server (latest version), and also did these things:

- Change SSH port to non-standard
- Use pubkeys to log in to SSH (disable passwd, disable root login, enable only specific IPs for SSH login)
- Disable KeyHelp virusscan

Do I still need Fail2ban or can I disable it? My new VPS has only 2 vcpu and 1 GB memory, so I need to save as much resources as I can.

Thank you!
Daniel
Keyweb AG
Posts: 133
Joined: Mon 25. Jan 2016, 04:42

Re: Fail2Ban Unnecessary?

Post by Daniel »

Hello,

Basically you can run any public server without fail2ban. So you can also decide for yourself whether you would like to disable it or not.
But just be aware: you need to rely on strong passwords for mail accounts or other login jails.

You should also set some additional settings at

Code:

/etc/ssh/sshd_config

Code:

PermitRootLogin without-password
MaxAuthTries 2

Likewise, activate 2FA in KeyHelp for administrative and domain users.

Mit freundlichen Grüßen / Best regards
Daniel Marckardt

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
https://www.keyweb.de - https://www.keyhelp.de
**************************************************************
latifolia
Posts: 48
Joined: Wed 18. Aug 2021, 09:08

Re: Fail2Ban Unnecessary?

Post by latifolia »

Thanks for replying!

By the way, this SSH config will not get replaced by automatic updates, or will it?

Code:

/etc/ssh/sshd_config

I have made lots of changes in that file.
Alexander
Keyweb AG
Posts: 4340
Joined: Wed 20. Jan 2016, 02:23

Re: Fail2Ban Unnecessary?

Post by Alexander »

No, it will not be touched.
Mit freundlichen Grüßen / Best regards
Alexander Mahr

BasHeijermans
KeyHelp Translator
Posts: 170
Joined: Mon 20. Jun 2022, 12:01
Location: Heppen Belgium

Re: Fail2Ban Unnecessary?

Post by BasHeijermans »

To make SSH more secure you can block all IPs except the ones listed in:

nano /etc/hosts.allow

Just insert this, then all IPs for SSH are blocked:

Code:

#IPv4.
sshd : x.x.x.x : allow
#IPv6 just a sample, but you probably need a range for IPv6 that match your private range.
sshd : [x:x:x:x::]/48 : allow
# Others deny
sshd : ALL : deny

When this is done, nobody can touch SSH, not even localhost if not listed for allow.
Be careful using this :lol:
Greetings Bas.

I have translated KeyHelp into Dutch, contact me if there are translation errors.
Next version 24 of KeyHelp 100% translated.
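
A pre-flight check for the allow-list posted above, as an added example that is not part of the original thread: a simplified Python model of first-match evaluation that handles only the three pattern forms shown (single IPv4 address, bracketed IPv6 prefix, ALL), so you can see which clients would be admitted before saving the file. The function names and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the format posted above (documentation-range addresses).
SAMPLE_RULES = """\
#IPv4.
sshd : 203.0.113.10 : allow
#IPv6 range
sshd : [2001:db8:1234::]/48 : allow
# Others deny
sshd : ALL : deny
"""

def parse_rules(text):
    """Return (daemon, client_pattern, action) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on ':' but not on the colons inside a bracketed IPv6 address.
        fields = [f.strip() for f in re.split(r":(?![^\[]*\])", line)]
        if len(fields) != 3 or fields[2] not in ("allow", "deny"):
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append(tuple(fields))
    return rules

def client_matches(pattern, addr):
    """Match one client pattern (hypothetical helper, simplified model)."""
    if pattern == "ALL":
        return True
    m = re.fullmatch(r"\[([0-9A-Fa-f:]+)\]/(\d+)", pattern)
    if m:  # bracketed IPv6 prefix, e.g. [2001:db8:1234::]/48
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
    else:  # single IPv4 address, treated as a /32
        net = ipaddress.ip_network(pattern)
    return addr.version == net.version and addr in net

def decide(rules_text, daemon, client_ip):
    """First matching rule wins; None means no rule in this file matched."""
    addr = ipaddress.ip_address(client_ip)
    for rule_daemon, pattern, action in parse_rules(rules_text):
        if rule_daemon in (daemon, "ALL") and client_matches(pattern, addr):
            return action
    return None
```

Checking both your own client address and 127.0.0.1 against the rules shows the localhost lockout mentioned above before it happens.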