Comment on How to harden against SSH brute-forcing?
sugar_in_your_tea@sh.itjust.works 1 day agoI highly recommend using key-based SSH authentication exclusively for all users on your server, and disallow root login as well.
Geoblocking mostly cuts down on the spam, but also constrains where an actual attack can come from. If there’s some kind of zero-day attack on SSH, this will dramatically reduce the risk you’re hit.
someacnt@sh.itjust.works 1 day ago
Fortunately my VPS (oracle) has set SSH authentication to be default. Disallowing root login sounds good, gotta try that as well.