
It's just another thing you need running on the server that must stay patched forever.

In my opinion less is better. RSA/4096-bit key encryption only. I don't even care if you use the root user. The ability for someone to crack a 4096-bit key is impossible in practice, and if your SSH server has a bug then it doesn't matter what fancy things you have set up.



It is fine for a 1-man server, but if you have multiple users and you have to be on top of things, then you need a bit more than that.

Especially to look at successful logins and audit where they come from. This is a good blog post on the subject:

https://blog.sucuri.net/2016/03/server-security-anomaly-beha...
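
An added example, not part of the thread or the linked post: one way to audit successful SSH logins by source, reporting the first accepted login for each user from an address not in that user's baseline. It assumes the usual OpenSSH syslog line format; `audit_logins`, `SAMPLE_LOG` and the log lines themselves are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not real data).
SAMPLE_LOG = """\
Mar  1 09:12:01 web1 sshd[1201]: Accepted publickey for alice from 198.51.100.7 port 50122 ssh2: RSA SHA256:EXAMPLEONLY
Mar  1 09:30:44 web1 sshd[1250]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Mar  2 08:59:10 web1 sshd[1302]: Accepted publickey for alice from 198.51.100.7 port 50410 ssh2: RSA SHA256:EXAMPLEONLY
Mar  2 23:41:37 web1 sshd[1377]: Accepted publickey for alice from 203.0.113.50 port 61200 ssh2: RSA SHA256:EXAMPLEONLY
Mar  3 02:05:02 web1 sshd[1410]: Accepted password for root from 192.0.2.33 port 40100 ssh2
"""

# Matches only successful authentications and captures who, how and from where.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

def audit_logins(log_text, baseline=None):
    """Return one finding per successful login from a source new for that user.

    baseline: optional {user: set_of_known_sources}. It is copied, not modified;
    a source is added to the working copy once reported, so it is flagged once.
    """
    known = defaultdict(set)
    for user, sources in (baseline or {}).items():
        known[user].update(sources)
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and unrelated messages are out of scope here
        user, src = m["user"], m["src"]
        if src not in known[user]:
            findings.append({"time": m["ts"], "user": user,
                             "source": src, "method": m["method"]})
            known[user].add(src)
    return findings

if __name__ == "__main__":
    # alice normally connects from 198.51.100.7; anything else is worth a look.
    for finding in audit_logins(SAMPLE_LOG, baseline={"alice": {"198.51.100.7"}}):
        print(finding)
```
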



