Re: [bitfolk] SSH access to Xen Shell will have to be tighte…

Author: G. Miliotis
Date:  
To: users
Subject: Re: [bitfolk] SSH access to Xen Shell will have to be tightened up
On 2/3/2018 14:25, Andy Smith wrote:
> Hi Conrad,
>
> On Fri, Mar 02, 2018 at 12:19:11PM +0000, Conrad Wood wrote:
>> I found blocking large network ranges for up to 60 minutes worked well
>> for my kind of ssh, together with an IP Whitelist of my most common IPs.
>> Perhaps an aggressive fail2ban policy together with a user-maintained
>> ip whitelist would work well for bitfolk?
>
> Yes, it may be a workable idea to block port 22 access completely
> but then allow people to supply some allowed netblocks via the web
> panel.
>
> Cheers,
> Andy
>


I'm not so sure about this. Users are notorious for being too lax with
their whitelists. What limit will you impose on this user-set netblock?
/24? If you do this, limit it as follows:
* 1 IP per entry
* Max 3 entries

I am for blocking 22 completely and allowing password and key login
on port 922.

--GM