Comment on How to harden against SSH brute-forcing?
sugar_in_your_tea@sh.itjust.works 3 weeks agoI highly recommend using key-based SSH authentication exclusively for all users on your server, and disallow root login as well.
Geoblocking mostly cuts down on the spam, but also constrains where an actual attack can come from. If there’s some kind of zero-day attack on SSH, this will dramatically reduce the risk you’re hit.
someacnt@sh.itjust.works 3 weeks ago
Fortunately my VPS (oracle) has set SSH authentication to be default. Disallowing root login sounds good, gotta try that as well.