Luke Macken wrote:
During the summit Warren proposed a few security policies for our publictest* machines, which we all agreed on:

 o must get approval from infrastructure team
 o denyhosts must be configured
 o ssh key authentication only

I use SSH public key authentication on all my servers (password authentication disabled) and I used to run DenyHosts. At some point I decided to replace DenyHosts with Fail2ban [1], because Fail2ban creates (temporary) iptables rules instead of (temporary) entries in /etc/hosts.deny. Have you compared the two?

Nils Breunese.

[1] http://fail2ban.sourceforge.net/