Comment on What us the best way to add remote access to my servers?
ergonomic_importer@piefed.ca 2 days agoFor remote management, I just enable SSH, configure it to run on some non-standard port and enable Fail2ban… Make sure I use certificates or secure passwords and also check if fail2ban is actually doing its job. Never had any issues with that setup.
This is what I’ve done for years, but I sometimes feel like it’s not a great solution from a security standpoint.
Though I have switched from fail2ban to Crowdsec, which did end up banning my own connection attempts when I forgot to whitelist myself, so that seems secure enough.
hendrik@palaver.p3x.de 2 days ago
Hmmh. I’m not entirely satisfied with any of them. Crowdsec is a bit too complex and involved for my taste. And oftentimes there’s no good application config floating around on the internet. Whereas fail2ban is old and eats up way too much resources for what it’s doing. And all of it is a bit too error-prone(?) As far as I remember I had several instances when I thought I had set it up correctly, but it didn’t match anything. Or it was looking for some logfile per default but my program wrote to the SystemD journal. So nowadays, I’ll double-check everything.