Comment on How to harden against SSH brute-forcing?
BrianTheeBiscuiteer@lemmy.world 2 weeks ago
In addition to other advice you could also use SSH over Wireguard. Wireguard basically makes the open port invisible. If you don’t provide the proper key upfront you get no response. To an attacker the port might as well be closed.
Here’s at least one article on the subject: rair.dev/wireguard-ssh/
nekusoul@lemmy.nekusoul.de 2 weeks ago
Exactly. No root login and no password login are always useful as basic measures, but after that Wireguard is perfect tool for this, no weird rituals required and also quite useful for any other services you don’t want and/or need to expose to the internet as well.
sugar_in_your_tea@sh.itjust.works 2 weeks ago
Just remember that you’ll only be able to SSH in w/ a device that’s already configured for WireGuard. So if you’re at a friend’s house and haven’t set up your phone to do it yet, you’ll be forced to use the VPS console to get in. Make sure this is what you want before you do it.