That is not a secure password; despite the rather obvious obfuscation, there are only a few combinations a cracker needs to try before guessing it.
rpiswag wrote: The password was [email protected]$$word12. My new password is 23 characters long. I made the old password and had no password retry limit. I still need to figure out how to permanently block IP addresses instead of putting a ban time limit like 600 seconds or 10 minutes. I know this isn't necessary but I want to do it anyway.
The problem is nobody can ever honestly say "Yes, your Pi is safe".
...is my pi safe?
Code:
[email protected] ~ $ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-dropbear tcp -- anywhere anywhere multiport dports ssh
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-dropbear (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
DROP all -- 220.127.116.11.broad.xy.jx.dynamic.163data.com.cn anywhere
DROP all -- s217.silver.servdiscount-customer.com anywhere
DROP all -- 18.104.22.168 anywhere
DROP all -- 22.214.171.124 anywhere
DROP all -- 126.96.36.199 anywhere
DROP all -- 188.8.131.52 anywhere
DROP all -- 184.108.40.206 anywhere
DROP all -- 220.127.116.11 anywhere
DROP all -- pool-72-84-227-118.rcmdva.fios.verizon.net anywhere
DROP all -- 18.104.22.168 anywhere
DROP all -- ool-6039ae8a.static.optonline.net anywhere
DROP all -- ec2-52-4-232-145.compute-1.amazonaws.com anywhere
RETURN all -- anywhere anywhere
First thing is that you should never allow login via ssh as user "root".
Is my new setup going to stop most attacks through gaining root access through ssh?
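A check for the two settings this exchange turns on, root login over ssh and the fail2ban ban time, written as an added example that is not part of any post in the thread. The function names and the embedded config text are constructed for illustration, and the jail name `ssh` is an assumption taken from the `fail2ban-ssh` chain in the listing; each config is read as a single file with no includes.

```python
import configparser
import re

# Constructed sample files, not taken from the thread.
SSHD_CONFIG = """\
Port 22
PermitRootLogin no
# A later duplicate is ignored: sshd keeps the first value it reads.
permitrootlogin yes
"""
JAIL_LOCAL = """\
[DEFAULT]
bantime = 600
[ssh]
bantime = -1
"""

def sshd_option(text, keyword):
    """Effective global value of an sshd_config keyword, or None if unset."""
    for raw in text.splitlines():
        m = re.match(r"(\w+)\s*=?\s*(.*)", raw.strip())
        if not m:
            continue  # blank line or comment
        if m.group(1).lower() == "match":
            break  # conditional blocks follow; global settings end here
        if m.group(1).lower() == keyword.lower():
            return m.group(2).strip()
    return None

def ban_policy(text, jail):
    """Describe a jail's bantime; [DEFAULT] values are inherited by each jail."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    value = cfg.get(jail, "bantime", fallback=None)
    if value is None:
        return "unset"
    try:
        return "permanent" if int(value) < 0 else f"{int(value)}s"
    except ValueError:
        return value  # newer fail2ban releases also accept forms like 10m

def audit(sshd_text, jail_text, jail="ssh"):
    """Findings for the two settings discussed in the thread."""
    findings = []
    root = sshd_option(sshd_text, "PermitRootLogin")
    if root != "no":
        findings.append(f"PermitRootLogin is {root or 'unset'}, expected no")
    ban = ban_policy(jail_text, jail)
    if ban != "permanent":
        findings.append(f"[{jail}] bantime is {ban}; a negative value bans permanently")
    return findings
```

Calling `audit(SSHD_CONFIG, JAIL_LOCAL)` on the constructed samples returns an empty list; an unset `PermitRootLogin` is reported as a finding because the value then depends on the installed package's default.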