
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   LINUX      Torvalds farts & fans know what he ate      8,232 messages   


   Message 5,317 of 8,232   
   Alexey Vissarionov to Joaquim Homrighausen   
   Alternative(s) to ipset on OpenVZ   
   19 Dec 17 07:00:00   
   
   Good ${greeting_time}, Joaquim!   
      
   18 Dec 2017 21:40:18, you wrote to me:   
      
    av>> Very dangerous thing... However, it makes some fun to   
    av>> use it against the admin^Widiot who installed it :-)   
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^   
    JH> I'm curious ... why is fail2ban dangerous?   
      
   Didn't you read the message before answering it?   
      
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5642   
   and some others discovered since then.   
      
    av>> Being a security expert, I know (and use; and, obviously,   
    av>> recommend) better method: limit the number of connections per   
    av>> minute to 2 or 3, thus making any and all bruteforce attacks   
    av>> time-ineffective.   
    JH> I don't see why these are mutually exclusive ... but maybe I'm   
    JH> not an expert enough. If you use key-only authentication for SSH   
      
   Don't you?   
      
    JH> (for example), it makes perfect sense to add someone to a ban   
    JH> list for 15-600 minutes if they fail 3 times (for example).   
      
   Now imagine someone had tricked your funny stupid fail2ban to ban _you_...   
      
    JH> I quite often legitimately connect with 2-3-4 SSH sessions to the   
    JH> same server within a few minutes, but they don't fail of course :)   
      
   I guess you simply don't know about screen.   
      
      
   --   
   Alexey V. Vissarionov aka Gremlin from Kremlin   
   gremlin.ru!gremlin; +vii-cmiii-cmlxxvii-mmxlviii   
      
   ... :wq!   
   --- /bin/vi   
    * Origin: http://openwall.com/Owl (2:5020/545)   
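
The per-minute connection limit mentioned in the message above, as an added example that is not part of the original post: a per-source sliding-window limiter replayed over constructed traffic, showing how many connections a one-per-second guesser gets through in an hour at 3 per minute. The class and function names, the addresses, and the choice to count only accepted connections are assumptions made for this sketch.

```python
from collections import defaultdict, deque


class ConnLimiter:
    """Allow at most `limit` new connections per source in `window` seconds."""

    def __init__(self, limit=3, window=60.0):
        self.limit = limit
        self.window = window
        # source address -> timestamps of connections that were accepted
        self.seen = defaultdict(deque)

    def allow(self, src, now):
        q = self.seen[src]
        # Forget entries older than the window; no state outlives it.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False  # dropped; nothing is written to a ban list
        q.append(now)
        return True


def replay(events, limit=3, window=60.0):
    """Replay (timestamp, source) pairs; return accepted count per source."""
    limiter = ConnLimiter(limit, window)
    accepted = defaultdict(int)
    for ts, src in sorted(events):
        if limiter.allow(src, ts):
            accepted[src] += 1
    return dict(accepted)


# Constructed sample traffic (RFC 5737 documentation addresses).
# 198.51.100.7: one connection attempt per second for one hour.
# 192.0.2.10:   four sessions opened 30 seconds apart.
GUESSER = [(float(t), "198.51.100.7") for t in range(3600)]
ADMIN = [(100.0 + 30 * i, "192.0.2.10") for i in range(4)]

if __name__ == "__main__":
    for src, count in replay(GUESSER + ADMIN).items():
        print(f"{src}: {count} connections accepted")
```
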



(c) 1994,  bbs@darkrealms.ca