Hi,
With regard to SSH security is installing Fail2ban an effective solution?
Should I install keys for SSH also or just use password authentication?
Understanding Fail2Ban and SSH security
Re: Understanding Fail2Ban and SSH security
Sounds like homework. When understanding the nature of the mentioned services, only common sense is required to answer your questions. So I guess the idea here is to make you learn how SSH and Fail2ban work, then you can answer these questions on your own.
Re: Understanding Fail2Ban and SSH security
Hi MedricCedric,
I saw your post tonight while scanning the forum. Maybe I can offer a small bit of assistance.
From the little bit that I read, I think you are probably trying to ensure a secure connection between one Linux machine and another. Fail2Ban is one tool that you should probably employ and there are others.
I would recommend that you check out Jay LaCroix's YouTube channel "LearnLinuxTV". (I follow Jay and support him but I do not receive remuneration of any type from him.) There are three episodes that I have watched which have helped me to 'harden my server' against intrusion:
1. "10 Tips for Hardening your Linux Servers";
2. "Using Fail2ban To Secure Your Server"; and
3. "Protecting your Cloud Server from Brute-Force attacks with FAIL2BAN".
In the first video Jay explains, among other things, how to also set up a public / private key pair so that you can connect to your server without ever again using passwords that are subject to loss or code breaking.
The second YouTube channel that I would recommend is NetworkChuck. His "5 Steps to Secure Linux ..." may be somewhat of a rehash of some of Jay's points, however, I believe that it's worth watching.
Another thing that you can do is to load 'Tripwire' onto your server, but do some reading about this first. It's an Ubuntu Server software and even though Ubuntu is derived from Debian there may be compatibility issues; I don't know and I don't want to be responsible for problems with your machine, I make enough mistakes when working on my own.
Having said that, 'Tripwire', when loaded on immediately after setting up the server, will tag each file so that you can tell if any of your files have been "Touched" by someone outside of your network. Look for videos on 'Tripwire'.
I would recommend that you watch all the videos - maybe several times - and then decide how you want to implement security on your system. Also, I would recommend viewing any vids about SSH. Sorry, I don't know your experience level so I'm throwing out what I would recommend to someone like myself who is just getting into servers and such; I've been playing with Linux for about 6 years and still consider myself a novice (noobie).
Good luck!
Oops! I made a boo boo.
Item #1 in my earlier list should have been "5 Easy Tweaks to increase the Security of your Linux Server", sorry about that. Both this one and the first one I mentioned have similar descriptions, but this one is the one that is also reflected by NetworkChuck.
Again, I would check out both of these YouTube channels; I find that they are quite comprehensive in terms of the information and examples used.
Last edited by LxCoder on 2022-10-06 16:46, edited 1 time in total.
- donald
- Debian Developer, Site Admin
Re: Understanding Fail2Ban and SSH security
Please be constructive, RTFM and such is not welcome here. Remember at one point we were all new to IT.
Re-read the guidelines for accounts here: viewtopic.php?f=20&t=149781
I will personally give, and start instructing the staff to give, immediate account warnings in the future for this unwelcome mentality.
To be clear I did give you an account warning for that post.
Typo perfectionish.
"The advice given above is all good, and just because a new message has appeared it does not mean that a problem has arisen, just that a new gremlin hiding in the hardware has been exposed." - FreewheelinFrank
- Hallvor
- Global Moderator
Re: Understanding Fail2Ban and SSH security
MedricCedric wrote: ↑2022-09-20 09:03
Hi,
With regard to SSH security is installing Fail2ban an effective solution?
Should I install keys for SSH also or just use password authentication?

One of the best ways to secure your server, by far, is configuring the SSH-server properly. If you can reach your server from your LAN, disable external (WAN) logins.
viewtopic.php?t=150443
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD
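An added example, not part of any post in this thread: a Python check over the effective settings printed by `sshd -T`, flagging the two points raised above, password logins and reachability from outside the LAN. The sample output and the finding names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the format printed by `sshd -T` (effective settings,
# lower-case keyword followed by its value). Not taken from the thread.
SAMPLE_SSHD_T = """\
port 22
listenaddress 0.0.0.0:22
listenaddress [::]:22
permitrootlogin without-password
passwordauthentication yes
kbdinteractiveauthentication no
"""

def parse_effective(text):
    """Return {keyword: [values]}; keywords such as listenaddress can repeat."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return settings

def listen_host(value):
    """Strip the port from '0.0.0.0:22' or '[::]:22' and return the host part."""
    if value.startswith("["):
        return value[1:value.index("]")]
    return value.rsplit(":", 1)[0]

def audit(text):
    """Return findings (hypothetical names) for the points raised in the thread."""
    cfg = parse_effective(text)
    findings = []
    # OpenSSH defaults to password logins when the keyword is absent.
    if "yes" in cfg.get("passwordauthentication", ["yes"]):
        findings.append("password-auth-enabled")
    if "yes" in cfg.get("kbdinteractiveauthentication", []):
        findings.append("keyboard-interactive-enabled")
    if "yes" in cfg.get("permitrootlogin", []):
        findings.append("root-password-login-allowed")
    for value in cfg.get("listenaddress", ["0.0.0.0:22"]):
        addr = ipaddress.ip_address(listen_host(value))
        # Wildcard or public addresses accept connections from outside the LAN.
        if addr.is_unspecified or addr.is_global:
            findings.append("listens-beyond-lan:" + value)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SSHD_T)))
```

An empty result means key-only logins on a LAN address; a `password-auth-enabled` finding is the case where Fail2ban's rate limiting of failed logins matters most.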