SSH port modification recommandation but not in fail2ban conf?

SylvainCecchetto · September 23, 2018, 4:06pm

Hi!

In this page https://yunohost.org/#/security_fr you say that it is better to change the SSH default port to another one and I’m totally agree with that.
But what about the default fail2ban config? Would we modify /etc/fail2ban/yunohost-jails.conf with:

[sshd]
enabled = true
port = <new_port>

Or maybe fail2ban directly read the sshd config file to guess the correct port?

Thank you.

Aleks · September 23, 2018, 6:49pm

No, you should indeed also change the ssh port in the fail2ban conf ideally.

SylvainCecchetto · September 23, 2018, 10:17pm

Thank you Aleks for the confirmation

Maybe it would be great to update the https://yunohost.org/#/security_fr page in the “Modification SSH port” section?

Aleks · September 23, 2018, 11:58pm

Yes, and you can do this by clicking the ‘Edit’ button at the bottom left

SylvainCecchetto · September 24, 2018, 6:11am

Oh yes, completely forgot about this feature.

I will do that!