Hacker News

I'd even go one step further and say portknocking would do a lot of good too, in addition to changing the default SSH port.



If anyone actually does this - please have a backup for the time when either Fail2Ban or PortKnocking (or both) fail or lock you out.


I've never had knockd fail me, can you fill me in on what pitfall got yours to go down? Just in case.


Besides dummy stuff like wrong config of knockd itself - which hopefully gets ironed out during initial (local/on-prem) setup.

Every now and then particular knock ports might be blocked (DROP) by the client-side ISP/wifi/etc. you happen to be using at the moment.

Or your fiber optic connection package gets a speed boost, along with being moved behind CGNAT.

OK, in my case switching from cable to fiber already included ending up behind a CGNAT, but people already on that ISP actually got that 2-in-1 surprise.
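As an added illustration (not from the thread, not knockd's code) of the lockout a single DROPped knock port causes, here is a minimal knockd-style sequence matcher run over constructed connection records, with a backup address admitted outside the knock mechanism; the ports, addresses and timeout are assumptions.

```python
# Added example: a knockd-style in-order sequence matcher over constructed SYN records,
# showing that when one knock is dropped upstream the server never sees a complete
# sequence, and why a backup access path outside the knock mechanism matters.
from collections import defaultdict

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed example sequence, not a recommendation
KNOCK_TIMEOUT = 5.0                   # seconds allowed between consecutive knocks
BACKUP_ALLOW = {"203.0.113.10"}       # assumed out-of-band management address


def knock_matcher(events, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT):
    """events: iterable of (timestamp, src_ip, dst_port) for SYNs the host observed.
    Returns the set of sources that hit every port of `sequence` in order, with at
    most `timeout` seconds between consecutive knocks (like knockd's seq_timeout)."""
    progress = defaultdict(lambda: (0, 0.0))  # src -> (next index, time of last good knock)
    opened = set()
    for ts, src, port in events:
        idx, last = progress[src]
        if idx and ts - last > timeout:       # too slow between knocks: start over
            idx = 0
        if port == sequence[idx]:
            idx += 1
            if idx == len(sequence):          # full sequence seen: open for this source
                opened.add(src)
                idx = 0
        else:
            idx = 0                           # wrong or missing port resets the sequence
        progress[src] = (idx, ts)
    return opened


def ssh_allowed(src, opened):
    """Fail-safe: the backup address is admitted regardless of knocking."""
    return src in opened or src in BACKUP_ALLOW


# Constructed records: client A knocks correctly; client B's knock on 8000 was DROPped
# by its ISP and never reached the server, so only 7000 and 9000 are observed.
EVENTS = [
    (0.0, "198.51.100.5", 7000), (0.5, "198.51.100.5", 8000), (1.0, "198.51.100.5", 9000),
    (2.0, "198.51.100.6", 7000), (3.0, "198.51.100.6", 9000),
]

if __name__ == "__main__":
    opened = knock_matcher(EVENTS)
    for src in ("198.51.100.5", "198.51.100.6", "203.0.113.10"):
        print(src, "ssh allowed" if ssh_allowed(src, opened) else "locked out")
```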



