Your answer to “how to harden SSH?” is “harden SSH”?
I know your two other points gave concrete suggestions, but it’s pretty funny you suggested to “harden sshd” when that is what OP is asking how to do.
Comment on How to harden against SSH brute-forcing?
zr0@lemmy.dbzer0.com 11 months ago
- harden sshd
- use fail2ban or even better CrowdStrike
- use a tool like the following to have a next-gen security solution: github.com/mrash/fwknop
dev_null@lemmy.ml 11 months ago
zr0@lemmy.dbzer0.com 11 months ago
Yeah, I see your point. No use to repeat the same you can read in other comments or in those 274772 guides online. I was trying to imply to just generally harden ssh because then brute-force attempts should be no issue, unless you log everything and the disk space gets maxed out :D
om1k@sopuli.xyz 11 months ago
did you mean crowdsec instead of crowdstrike?
whodatdair@lemmy.blahaj.zone 11 months ago
Vietnam stare
zr0@lemmy.dbzer0.com 11 months ago
Fml… yes, I meant CrowdSec. Thanks for the hint
sugar_in_your_tea@sh.itjust.works 11 months ago
More details:
That should be plenty, but you could go a bit further and restrict the types of algorithms allowed (e.g. disallow RSA if you’re worried about quantum attacks). For this, I recommend a subtractive config (e.g.
HostbasedAcceptedAlgorithms=-rsa-*). This is way over the top since an attacker is unlikely to attack the cipher directly, but it could be part of an attack.