You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since they try to hammer on port 22, you could implement fail2ban to trigger on ssh login attempts and block the IPs automatically with iptables or silimar solution.
On this way you'll reduce the possibility of someone hijacking the servers when beginning a lab.
Even better (or in combination):
It would also be good to whitelist IPs from where students come on the AWS servers, do reduce possibility to login from other locations then where you are doing work.
The text was updated successfully, but these errors were encountered:
Hey @tobiasehlert, thanks for contributing. We considered this, or pam_shield. But the challenge is that students most likely would lock themselfs out. Consider that a student can run a playbook repeatedly and then getting banned. We're leaning to AWS security group fix, or simply changing default port for SSH.
@mglantz, well, there is a way again. You can whitelist the ansible tower server in the destination hosts, and therefore your students won't be locked out, when running their playbooks.
Since they try to hammer on port 22, you could implement fail2ban to trigger on ssh login attempts and block the IPs automatically with iptables or silimar solution.
On this way you'll reduce the possibility of someone hijacking the servers when beginning a lab.
Even better (or in combination):
It would also be good to whitelist IPs from where students come on the AWS servers, do reduce possibility to login from other locations then where you are doing work.
The text was updated successfully, but these errors were encountered: