Understanding Fail2Ban and SSH security

MedricCedric
Posts: 12
Joined: 2022-06-30 14:19

Understanding Fail2Ban and SSH security

#1 Post by MedricCedric »

Hi,

With regard to SSH security is installing Fail2ban an effective solution?

Should I install keys for SSH also or just use password authentication?

Segfault
Posts: 993
Joined: 2005-09-24 12:24
Has thanked: 5 times
Been thanked: 17 times

Re: Understanding Fail2Ban and SSH security

#2 Post by Segfault »

Sounds like homework. When understanding the nature of the mentioned services, only common sense is required to answer your questions. So I guess the idea here is to make you learn how SSH and Fail2ban work, then you can answer these questions on your own.

LxCoder
Posts: 8
Joined: 2022-09-29 20:46
Location: Nova Scotia
Been thanked: 1 time

Re: Understanding Fail2Ban and SSH security

#3 Post by LxCoder »

Hi MedricCedric,

I saw your post tonight while scanning the forum. Maybe I can offer a small bit of assistance.

From the little bit that I read, I think you are probably trying to ensure a secure connection between one Linux machine and another. Fail2Ban is one tool that you should probably employ and there are others.

I would recommend that you check out Jay LaCroix's YouTube channel "LearnLinuxTV". (I follow Jay and support him but I do not receive remuneration of any type from him.) There are three episodes that I have watched which have helped me to 'harden my server' against intrusion:

1. "10 Tips for Hardening your Linux Servers";
2. "Using Fail2ban To Secure Your Server"; and
3. "Protecting your Cloud Server from Brute-Force attacks with FAIL2BAN".

In the first video Jay explains, among other things, how to also set up a public / private key pair so that you can connect to your server without ever again using passwords that are subject to loss or code breaking.

The second YouTube channel that I would recommend is NetworkChuck. His "5 Steps to Secure Linux ..." may be somewhat of a rehash of some of Jay's points, however, I believe that it's worth watching.

Another thing that you can do is to load 'Tripwire' onto your server, but do some reading about this first. It's an Ubuntu Server software and even though Ubuntu is derived from Debian there may be compatibility issues; I don't know and I don't want to be responsible for problems with your machine, I make enough mistakes when working on my own.

Having said that, 'Tripwire', when loaded on immediately after setting up the server, will tag each file so that you can tell if any of your files have been "Touched" by someone outside of your network. Look for videos on 'Tripwire'.

I would recommend that you watch all the videos - maybe several times - and then decide how you want to implement security on your system. Also, I would recommend viewing any vids about SSH. Sorry, I don't know your experience level so I'm throwing out what I would recommend to someone like myself who is just getting into servers and such; I've been playing with Linux for about 6 years and still consider myself a novice (noobie).

Good luck!

Oops! I made a boo boo. 😳

Item #1 in my earlier list should have been "5 Easy Tweaks to increase the Security of your Linux Server", sorry about that. Both this one and the first one I mentioned have similar descriptions, but this one is the one that is also reflected by NetworkChuck.

Again, I would check out both of these YouTube channels; I find that they are quite comprehensive in terms of the information and examples used.
Last edited by LxCoder on 2022-10-06 16:46, edited 1 time in total.

donald
Debian Developer, Site Admin
Posts: 1046
Joined: 2021-03-30 20:08
Has thanked: 186 times
Been thanked: 240 times

Re: Understanding Fail2Ban and SSH security

#4 Post by donald »

Segfault wrote: 2022-09-20 12:46 Sounds like homework. When understanding the nature of the mentioned services, only common sense is required to answer your questions. So I guess the idea here is to make you learn how SSH and Fail2ban work, then you can answer these questions on your own.

Please be constructive; RTFM and such is not welcome here. Remember at one point we were all new to IT.

Re-read the guidelines for accounts here: viewtopic.php?f=20&t=149781

I will personally give, and will start instructing the staff to give, immediate account warnings in the future for this unwelcome mentality.

To be clear I did give you an account warning for that post.
Typo perfectionish.


"The advice given above is all good, and just because a new message has appeared it does not mean that a problem has arisen, just that a new gremlin hiding in the hardware has been exposed." - FreewheelinFrank

Hallvor
Global Moderator
Posts: 2029
Joined: 2009-04-16 18:35
Location: Kristiansand, Norway
Has thanked: 139 times
Been thanked: 206 times

Re: Understanding Fail2Ban and SSH security

#5 Post by Hallvor »

MedricCedric wrote: 2022-09-20 09:03 Hi,

With regard to SSH security is installing Fail2ban an effective solution?

Should I install keys for SSH also or just use password authentication?

One of the best ways to secure your server, by far, is configuring the SSH server properly. If you can reach your server from your LAN, disable external (WAN) logins.

viewtopic.php?t=150443
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
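
An added example, not written by any poster in this thread: a small Python audit of the SSH settings raised in posts #3 and #5, key logins versus passwords and listening only on a LAN address. It reads `sshd_config` text or `sshd -T` output; the sample configs, the address 192.168.1.10 and the function names are constructed for illustration.

```python
import ipaddress

# keyword: (OpenSSH default when absent, value to flag, finding text)
POLICY = {
    "passwordauthentication": ("yes", "yes", "password logins are accepted"),
    "pubkeyauthentication": ("yes", "no", "key logins are disabled"),
    "permitrootlogin": ("prohibit-password", "yes", "root login is unrestricted"),
}
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\n"   # constructed samples
HARDENED = "ListenAddress 192.168.1.10\nPasswordAuthentication no\nPermitRootLogin no\n"

def parse_global(text):
    """Parse sshd_config or `sshd -T` text up to the first Match block."""
    settings, listen = {}, []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts + [""])[1].strip()
        if key == "match":
            break                            # conditional blocks are out of scope
        settings.setdefault(key, value.lower())  # sshd keeps the first value it sees
        if key == "listenaddress":
            listen.append(value)             # this keyword may repeat
    return settings, listen

def listen_host(value):
    """Drop the optional port from 'host', 'host:port' or '[v6]:port'."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.split(":")[0] if value.count(":") == 1 else value

def audit(text):
    """Return findings for the settings the thread discusses."""
    settings, listen = parse_global(text)
    findings = [msg for key, (default, bad, msg) in POLICY.items()
                if settings.get(key, default) == bad]
    for host in [listen_host(v) for v in listen] or ["0.0.0.0"]:
        try:
            ip = ipaddress.ip_address(host)
            exposed = ip.is_unspecified or ip.is_global
        except ValueError:
            exposed = True                   # a hostname cannot be judged offline
        if exposed:
            findings.append(f"sshd listens on {host}, not only on a LAN address")
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```

A listen address only controls which interface sshd binds to; a server behind a router may also be kept off the WAN by not forwarding the SSH port, which this check cannot see.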
