Implement fail2ban clients on servers #132
Comments
|
you can even role this out by using ansible ;) |
|
Hey @tobiasehlert, thanks for contributing. We considered this, or pam_shield. But the challenge is that students most likely would lock themselfs out. Consider that a student can run a playbook repeatedly and then getting banned. We're leaning to AWS security group fix, or simply changing default port for SSH. |
|
@mglantz, well, there is a way again. You can whitelist the ansible tower server in the destination hosts, and therefore your students won't be locked out, when running their playbooks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since they try to hammer on port 22, you could implement fail2ban to trigger on ssh login attempts and block the IPs automatically with iptables or silimar solution.
On this way you'll reduce the possibility of someone hijacking the servers when beginning a lab.
Even better (or in combination):
It would also be good to whitelist IPs from where students come on the AWS servers, do reduce possibility to login from other locations then where you are doing work.
The text was updated successfully, but these errors were encountered: