KeyHelp Community

Hello,

Sorry if I asked something that has been asked before but I only understand english.

So, I set up new KeyHelp server (latest version), and also do these things :

- Change SSH port to non-standard
- Use pubkeys to login SSH (disable paaswd, disable root login, enable only specific IPs for SSH login)
- Disable Keyhelp virusscan

Do I still need Fail2ban or can I disable it? My new VPS has only 2 vcpu and 1 GB memory, so I need to save as much resources as I can.

Thank you!

Hello,

basically you can run any public server without fail2ban. So you might also decide yourself if you like to disable it or not.
But just be aware: You need to rely on strong passwords for mailaccounts or other login jails.

You should also set some additional settings at

Code: Select all

/etc/ssh/sshd_config

Code: Select all

PermitRootLogin without-password
MaxAuthTries 2

Same activate 2FA in Keyhelp for Administrative and Domainusers.

Thanks for replying!

btw, this SSH config will not get replaced by automatic updates, or will they?

Code: Select all

/etc/ssh/sshd_config

I have made lots of changes in that file.

No, it will not be touched.

To make SSH more secure you can block all IP's except the ones listed in:

nano /etc/hosts.allow

Just insert this, then all IP's for SSH are blocked:

Code: Select all

#IPv4.
sshd : x.x.x.x : allow
#IPv6 just a sample, but you probably need a range for IPv6 that match your private range.
sshd : [x:x:x:x::]/48 : allow
# Others deny
sshd : ALL : deny

When done this, nobody can touch SSH, not even localhost if not listed for allow.
Be carefull using this

KeyHelp Community

Fail2Ban Unnecessary?

Fail2Ban Unnecessary?

Re: Fail2Ban Unnecessary?

Re: Fail2Ban Unnecessary?

Re: Fail2Ban Unnecessary?

Re: Fail2Ban Unnecessary?