Comment on How to harden against SSH brute-forcing?
Realitaetsverlust@lemmy.zip 1 week ago
You don’t. This is normal. Ensure key-only auth, ensure you do not login directly as root, maybe install fail2ban and you’re good. Some people move the port to a nonstandard one, but that only helps with automated scanners not determined attackers.
You could look into port-knocking if you want it really safe.
suicidaleggroll@lemm.ee 1 week ago
While true, cleaning up your logs such that you can actually see a determined attacked rather than it just getting buried in the noise is still worthwhile.