Nikola Lakić :arch:  

I've set up different port than default to access remote server via SSH and also disabled password login (pubkey enabled), in /etc/hosts.deny enabled ALL: PARANOID. Anything more to increase security or is this enough?

1+
ߋߡۺ৩֎  

@nikolal
fail2ban probs a good idea too

1
Nikola Lakić :arch:
Follow

@y0x3y
Seems like it, although I edited everything I need in sshd for additional options such as number of attempts, timeout etc. Fail2ban might be usefull for apache server, thanks for suggestion.

· · Fedilab · 1 · 0 · 0
Michel Salim :duckduckgo:  

@nikolal @y0x3y port knocking might be a good idea too

1+
Nikola Lakić :arch:  

@michel_slm
This seems good, but difficult to setup on first glance. I will try it when I have more time, for now pubkey auth will do the trick
@y0x3y

0
Nikola Lakić :arch:  

@michel_slm
Quite good hardening would be /etc/hosts.allow file set only to specific IP adresses that I use. I have one question though, is it possible for me to access my remote apache server with ssh tunneling? Or can any attacker access my apache server with http if he knows my IP address, since router points to my raspberry server?
@y0x3y

0
Sign in to participate in the conversation
Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!

Resources

Developers

What is Mastodon?

social.privacytools.io

More…