

I use port knock. Really helps against scans if you are the edge device.
If it’s public facing, how about don’t turn on SSH to the public, open it to select IPs or ranges. Use a non-standard port, use a cert or even a RADIUS with TOTP like privacyIDEA. How about a port knocker to open the non-standard port as well. Autoban to lock out source IPs.
That’s just off the top of my head.
There’s a lot you can do to harden a host.
There’s a 40-year I.T. veteran here that still suffers imposter syndrome. It’s a real thing I’ve never been able to shake off.
Sure. My ISP gave me this range for this exact reason.