• 0 Posts
  • 5 Comments
Joined 1 year ago
cake
Cake day: November 12th, 2023

help-circle


  • kaipee@alien.topBtoSelf-Hosted Mainforwarding port 22 safe?
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Disable password auth.

    Enable key only auth.

    Add in TOTP 2FA (google authenticator).

    Randomize the port (reduce bots) that forwards to 22.

    Configure lockout to block upon 3 failed attempts, for a long duration like 1 year. (Have a backup access on LAN).

    Ensure only the highest encryption ciphers are accepted.

    Ensure upgrades are applied to sshd at least monthly.