Nikola Lakić :arch:  

I've set up different port than default to access remote server via SSH and also disabled password login (pubkey enabled), in /etc/hosts.deny enabled ALL: PARANOID. Anything more to increase security or is this enough?

1+
ߋߡۺ৩֎  

@nikolal
fail2ban probs a good idea too

1
Nikola Lakić :arch:  

@y0x3y
Seems like it, although I edited everything I need in sshd for additional options such as number of attempts, timeout etc. Fail2ban might be usefull for apache server, thanks for suggestion.

1
Michel Salim :duckduckgo:  

@nikolal @y0x3y port knocking might be a good idea too

1+
Nikola Lakić :arch:
Follow

@michel_slm
This seems good, but difficult to setup on first glance. I will try it when I have more time, for now pubkey auth will do the trick
@y0x3y

· · Fedilab · 0 · 0 · 0
Sign in to participate in the conversation
Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io
Support us on OpenCollective, many contributions are tax deductible!

Resources

Developers

What is Mastodon?

social.privacytools.io

More…