• @dallen@programming.dev
    link
    fedilink
    English
    67 months ago

    I like to require access to 22 via IP whitelist and all services on SSL behind a reverse proxy. Doesn’t leave much surface to attack.

    • @phoenixz@lemmy.ca
      link
      fedilink
      English
      57 months ago

      Also, move ssh to a different, higher port. Since ssh isn’t exactly for noobs, changing the port is easy enough to work with and that alone already reduces port scans and what not

      • Nik282000
        link
        fedilink
        English
        27 months ago

        I recently setup Guacamole (Web based VNC/RDP/SSH) with totp and was able to close external SSH access. Now everything I run can sit behind a single reverse proxy, no extra ports.