Wiki

SSH:Konfigurasi dengan Fail2ban: Difference between revisions

← Older edit
Kangtain (talk | contribs)
Bureaucrats, Interface administrators, Suppressors, Administrators
9,154 edits
VisualWikitext
No edit summary
No edit summary
 
Line 42: Line 42:


*After you have specified the configuration options and their respective values, save the file and restart the Fail2Ban service with the following command:
*After you have specified the configuration options and their respective values, save the file and restart the Fail2Ban service with the following command:
<syntaxhighlight lang="shell">
 
sudo systemctl restart fail2ban.service
sudo systemctl restart fail2ban.service
</syntaxhighlight>
 
*After restarting the OpenSSH server service, Fail2Ban uses this new configuration and the jail for the sshd service is activated and runs.
*After restarting the OpenSSH server service, Fail2Ban uses this new configuration and the jail for the sshd service is activated and runs.
*You can now test this functionality by re-enabling PasswordAuthentication in the OpenSSH Configuration file found in <code>/etc/ssh/sshd_config</code>. Do this by changing the value from no to yes using the text editor of your choice. Make sure these lines are uncommented.
*You can now test this functionality by re-enabling PasswordAuthentication in the OpenSSH Configuration file found in <code>/etc/ssh/sshd_config</code>. Do this by changing the value from no to yes using the text editor of your choice. Make sure these lines are uncommented.
<syntaxhighlight lang="shell" line="1">
 
#To disable tunneled clear text passwords, change to no here!
  #To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
PermitEmptyPasswords no
</syntaxhighlight>
 
*This allows users to use passwords for authentication in addition to SSH key-pairs. Fail2Ban automatically detects brute-force attempts on SSH and blocks the users automatically. This greatly improves the security of both password based authentication and the server and is useful for user accounts that do not have administrator privileges.
*This allows users to use passwords for authentication in addition to SSH key-pairs. Fail2Ban automatically detects brute-force attempts on SSH and blocks the users automatically. This greatly improves the security of both password based authentication and the server and is useful for user accounts that do not have administrator privileges.


Retrieved from "https://kangtain.com/wiki/index.php/SSH:Konfigurasi_dengan_Fail2ban"