[00:48] minasota: Can't brute force an SSH key (well, I suppose you can, if the key is too small) [00:49] Can't brute force the SSL key to get on my VPN to try either [00:49] Tor hidden service they can try again, but again, I'm forcing SSH keys only [00:51] I'm not talking about the key. The link was talking about how to use host.allow and host.deny to block ip's from country origin [00:52] Using GeoIP and a small script. I'm sure fail2ban is sufficient (maybe) but I though it wa interesting that host.deny and host.allow had that capability [00:53] That's all [00:53] Ah Right, I'm saying I can't use that method becuase local addresses pass [00:55] ed25519++ [00:56] It says in the link " [00:56] Note: is an IP address cannot be matched to a country (such as an internal IP address), [00:56] the connection is accepted too (see the $COUNTRY = "IP Address not found"). [00:56] Yeah, and localhost and RFC1918 can't be matched [00:57] cyberanger: On one host, I have a hidden tor service pointing to SSH, Just In Caseā„¢ [00:57] Ok, I have no idea what you all talking about. I need to read more... [00:58] Thanks for the info [02:47] Howdy Omnifrog [02:47] hi wrst [02:48] how goes it? [02:48] How are things going? [02:48] hot and miserable [02:48] too hot to get out on the tractor [02:51] this channel got quiet over the years [02:52] well, quieter [02:54] right then [02:55] ttfn [12:15] cyberanger: I read RFC1918. What did you mean by "Yeah, and localhost and RFC1918 can't be matched"? [16:15] No country to match them to, so they pass, as they should (in my case) [16:16] Basically I banned all countries (from the scripts perspective) [16:31] minasota: ^ [20:01] cyberanger: got it. btw, RFC1918 seems a little... dated [20:02] How so? [20:03] It was last updated in 1996. [20:04] Doesn't address ipv6, not from what I saw [20:18] And, a personal rant. Fail2ban is crap [20:20] sshguard seems to work better [20:33] It wasn't made to support ipv6, it was made to extend ipv4 long enough to develop and adopt ipv6, 20 years later we're still stuck on that issue [20:34] Old does not mean irrelevant, if anything it's more relevant than ever [20:34] For proof, run ifconfig and compare it