• dallen
    link
    fedilink
    English
    arrow-up
    6
    ·
    7 months ago

    I like to require access to 22 via IP whitelist and all services on SSL behind a reverse proxy. Doesn’t leave much surface to attack.

    • Phoenixz@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      Also, move ssh to a different, higher port. Since ssh isn’t exactly for noobs, changing the port is easy enough to work with and that alone already reduces port scans and what not

      • Nik282000@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        I recently setup Guacamole (Web based VNC/RDP/SSH) with totp and was able to close external SSH access. Now everything I run can sit behind a single reverse proxy, no extra ports.