kaipee

joined 1 year ago
[–] kaipee@alien.top 1 points 11 months ago (1 children)

Easy to do with known internal networks.

Difficult to manage when roaming.

[–] kaipee@alien.top 3 points 11 months ago (7 children)

Disable password auth.

Enable key only auth.

Add in TOTP 2FA (google authenticator).

Randomize the port (reduce bots) that forwards to 22.

Configure lockout to block upon 3 failed attempts, for a long duration like 1 year. (Have a backup access on LAN).

Ensure only the highest encryption ciphers are accepted.

Ensure upgrades are applied to sshd at least monthly.

[–] kaipee@alien.top 3 points 11 months ago (4 children)

How is a VPN service more secure than an SSH service?

Both accept login.

Both provide can be brute forced / if using password.

[–] kaipee@alien.top 2 points 11 months ago

Here be dragons