Hi Conrad,
On Fri, Mar 02, 2018 at 12:19:11PM +0000, Conrad Wood wrote:
> I found blocking large network ranges for up to 60 minutes worked well
> for my kind of ssh, together with an IP Whitelist of my most common IPs.
> Perhaps an aggressive fail2ban policy together with a user-maintained
> ip whitelist would work well for bitfolk?
Yes, it may be a workable idea to block port 22 access completely
but then allow people to supply some allowed netblocks via the web
panel.
Cheers,
Andy
I'm not so sure about this. Users are notorious for being too lax with
their whitelists. What limit will you impose on this user-set netblock?
/24? If you do this limit is as follows:
* 1 IP per entry
* Max 3 entries
I am for blocking 22 completely and allowing port password and key login
on 922.
--GM