This person is not wrong. Still, I have f2b setup for ssh on all my externally available hosts, banning after the first login failure. When using pre shared keys in the server (with sshd configured, not using defaults) and an ssh config on the client that defines each host and key combo, it’s impossible to fail login, ever. I have never been burned by using this method and it’s been in place in all my hosts, starting many years ago.
I feel like a lot of sshd hardening tuts overlook client configuration. That is the piece that makes ssh very easy to work with from a user’s perspective.
This person is not wrong. Still, I have f2b setup for ssh on all my externally available hosts, banning after the first login failure. When using pre shared keys in the server (with sshd configured, not using defaults) and an ssh config on the client that defines each host and key combo, it’s impossible to fail login, ever. I have never been burned by using this method and it’s been in place in all my hosts, starting many years ago.
I feel like a lot of sshd hardening tuts overlook client configuration. That is the piece that makes ssh very easy to work with from a user’s perspective.