Comments on: How to Install Fail2Ban to Protect SSH on CentOS/RHEL 8

By: Anon

Anon — Fri, 23 Oct 2020 23:21:42 +0000

Agree 100%.

Two entirely different issues here. 2FA is always the best practice, but SSH is just one service.

2FA won’t protect the other public-facing services you may be running from a brute-force attack. Fail2ban does that quite well. The fact that it’s been around a long time isn’t relevant. It works.

By: @benjamenmeyer

@benjamenmeyer — Tue, 29 Sep 2020 18:26:23 +0000

In reply to Jani.

fail2ban is one of several tools for securing a system, and it doesn’t just apply to SSH.

Yes, use 2FA; but still, use fail2ban as it helps limit the number of attempts in breaking in. However old it may be, it’s still a key tool in security.

By: Ravi Saive

Ravi Saive — Fri, 11 Oct 2019 04:23:29 +0000

In reply to Jani. @Jani, I agree with you, Fail2ban is an older way to secure SSH, the best way to have a two-factor google-authenticator as explained here: How to Setup Two-Factor Authentication (Google Authenticator) for SSH Logins.

By: Jani

Jani — Wed, 09 Oct 2019 07:16:49 +0000

Fail2ban is a way too old method to use for security. You should always use ssh-keys and (google) authenticator if you use ssh from the internet (less than 5 minutes to setup). And just change the default port to something else so your logs won't get full of script-kiddies try-outs.